Platform
java
Component
org.apache.dolphinscheduler:dolphinscheduler-task-api
Fixed in
3.2.2
CVE-2024-43202 describes a critical Remote Code Execution (RCE) vulnerability discovered in Apache Dolphinscheduler. This flaw allows an attacker to potentially execute arbitrary code on a vulnerable system. The vulnerability impacts versions of Apache Dolphinscheduler up to and including 3.2.1. A patch is available in version 3.2.2.
The RCE vulnerability in Apache Dolphinscheduler poses a significant threat. An attacker could exploit this flaw to gain complete control over the server hosting the Dolphinscheduler instance. This could lead to data breaches, system compromise, and further lateral movement within the network. The attacker could potentially steal sensitive data, modify configurations, or even use the compromised server as a launchpad for attacks against other systems. The potential blast radius is substantial, particularly in environments where Dolphinscheduler is used to orchestrate critical workflows.
CVE-2024-43202 was publicly disclosed on August 20, 2024. While no active exploitation campaigns have been publicly confirmed, the CRITICAL severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge given the nature of the vulnerability.
Organizations heavily reliant on Apache Dolphinscheduler for workflow orchestration are particularly at risk. This includes data engineering teams, DevOps pipelines, and any environment where Dolphinscheduler manages critical processes. Shared hosting environments running Dolphinscheduler are also at increased risk due to potential cross-tenant vulnerabilities.
• java / server:
ps aux | grep dolphinscheduler
• java / server:
journalctl -u dolphinscheduler -f | grep "error"
• generic web:
curl -I http://<dolphinscheduler_ip>/api/task/submit
• generic web:
grep -r "/api/task/submit" /var/log/apache2/access.log
Disclosure
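The process and log checks above tell you whether DolphinScheduler is running, not which build it was compiled against. Added example, not from the page or the DolphinScheduler project: a small Python scanner that reads a Maven pom.xml, resolves `${property}` version references, and flags the affected component (org.apache.dolphinscheduler:dolphinscheduler-task-api) when its version is below the fixed 3.2.2 release. The sample pom.xml is constructed for the demonstration; versions inherited from a parent POM or BOM are not resolved and are not flagged.

```python
import re
import xml.etree.ElementTree as ET

AFFECTED_GROUP = "org.apache.dolphinscheduler"
AFFECTED_ARTIFACT = "dolphinscheduler-task-api"
FIXED_VERSION = (3, 2, 2)  # first release without the flaw (page: fixed in 3.2.2)

def _local(tag):
    """Strip the Maven POM XML namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """'3.2.1' -> (3, 2, 1); qualifiers such as '-SNAPSHOT' are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version_text):
    """True when the version parses and is strictly below the fixed release."""
    v = parse_version(version_text)
    return v is not None and v < FIXED_VERSION

def scan_pom(pom_xml):
    """Return [(artifact, resolved_version, affected)] for each matching dependency."""
    root = ET.fromstring(pom_xml)
    props = {}
    for node in root.iter():
        if _local(node.tag) == "properties":
            props = {_local(p.tag): (p.text or "").strip() for p in node}
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != (AFFECTED_GROUP, AFFECTED_ARTIFACT):
            continue
        # resolve ${property} references declared in <properties>; unknown ones stay as-is
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)),
                         f.get("version", ""))
        findings.append((AFFECTED_ARTIFACT, version, is_affected(version)))
    return findings

# Constructed sample pom.xml (not from any real project): pins the affected 3.2.1 via a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><dolphinscheduler.version>3.2.1</dolphinscheduler.version></properties>
  <dependencies><dependency>
    <groupId>org.apache.dolphinscheduler</groupId>
    <artifactId>dolphinscheduler-task-api</artifactId>
    <version>${dolphinscheduler.version}</version>
  </dependency></dependencies>
</project>"""
```

Run `scan_pom(open("pom.xml").read())` against your own build file; any entry whose third field is `True` needs the 3.2.2 upgrade described in the mitigation section.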
Exploit status
EPSS
4.41% (89th percentile)
CVSS vector
The primary mitigation for CVE-2024-43202 is to immediately upgrade Apache Dolphinscheduler to version 3.2.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the Dolphinscheduler API. Review and harden the Dolphinscheduler configuration, paying close attention to authentication and authorization settings. Monitor system logs for any suspicious activity related to Dolphinscheduler. After upgrading, confirm the fix by attempting to trigger the vulnerable API endpoint and verifying that it no longer executes arbitrary code.
Upgrade Apache DolphinScheduler to version 3.2.2 or later. This version contains the fix for the remote code execution vulnerability, and upgrading removes the exploitation risk.
CVE-2024-43202 is a critical Remote Code Execution vulnerability affecting Apache Dolphinscheduler versions 3.2.1 and earlier, allowing attackers to execute arbitrary code.
Yes, if you are running Apache Dolphinscheduler versions 3.2.1 or earlier, you are vulnerable to this RCE.
Upgrade Apache Dolphinscheduler to version 3.2.2 or later to remediate the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no active exploitation campaigns have been publicly confirmed, the CRITICAL severity suggests a high probability of exploitation.
Refer to the Apache Dolphinscheduler project website and security announcements for the official advisory: https://dolphinscheduler.apache.org/