Platform: java
Component: org.apache.dolphinscheduler:dolphinscheduler-task-api
Fixed in: 3.2.2
CVE-2024-43202 is a critical Remote Code Execution (RCE) vulnerability in Apache DolphinScheduler, tracked against the dolphinscheduler-task-api component. It affects all versions up to and including 3.2.1; the fix shipped in 3.2.2.
An attacker who exploits it can run arbitrary code on the host with the privileges of the DolphinScheduler process, which in practice means control of the scheduler: reading the credentials and data it holds, altering workflow definitions and configuration, and using the host as a pivot for lateral movement into the rest of the network. Because DolphinScheduler typically orchestrates pipelines that touch many downstream systems, the blast radius extends well beyond the scheduler host, particularly where it drives critical workflows.
CVE-2024-43202 was publicly disclosed on August 20, 2024. No active exploitation campaign has been publicly confirmed and the CVE is not listed in CISA KEV, but the critical severity and the EPSS score below put it among the issues most likely to be exploited, and public proof-of-concept code may well appear.
Organizations that depend on DolphinScheduler for workflow orchestration are most exposed: data engineering teams, DevOps pipelines, and any environment where it manages critical processes. Shared or multi-tenant deployments carry added risk, since code execution on the scheduler host can reach every tenant's workloads that host runs.
Detection commands (run on the DolphinScheduler host or its reverse proxy):
• java / server: ps aux | grep dolphinscheduler
• java / server: journalctl -u dolphinscheduler -f | grep "error"
• generic web: curl -I http://<dolphinscheduler_ip>/api/task/submit
• generic web: grep -r "/api/task/submit" /var/log/apache2/access.log
These commands only show whether a DolphinScheduler process is running, whether its API is reachable, and who has been calling it; they do not test for the vulnerability itself. Adapt the unit name, endpoint path and log location to your deployment (the log path above assumes an Apache httpd front end). The check that settles exposure is the version: 3.2.1 or earlier is affected.
Exploit status: disclosure
EPSS: 4.41% (89th percentile)
CVSS vector: (not provided)
The primary mitigation for CVE-2024-43202 is to upgrade Apache DolphinScheduler to version 3.2.2 or later without delay. If that is not immediately feasible, reduce exposure in the meantime: restrict network access to the DolphinScheduler API to the hosts and users that need it, review and harden the configuration with particular attention to authentication and authorization settings, and monitor system logs for suspicious activity around DolphinScheduler. After upgrading, confirm the fix by checking that the running service and every org.apache.dolphinscheduler artifact in the deployment report 3.2.2 or later; do not rely on probing the API for code execution, since a negative probe proves nothing about the installed version.
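The version check is the one test that actually decides whether a deployment is affected, both before the upgrade (am I exposed?) and after it (did the fix land everywhere?). The script below is an added example written for this page; it is not code from the advisory or from the DolphinScheduler project. It assumes `mvn dependency:list` output in the form `group:artifact:packaging[:classifier]:version:scope`, compares each org.apache.dolphinscheduler artifact against the 3.2.2 fix version, and returns non-zero if any of them is older. The dependency lines embedded in it are constructed sample data, not output from a real build.

```shell
#!/bin/sh
# Added example, not code from the advisory or the DolphinScheduler project.
# Flags Apache DolphinScheduler Maven artifacts older than 3.2.2, the version
# the advisory names as fixed. Input is assumed to be `mvn dependency:list`
# output ("group:artifact:packaging[:classifier]:version:scope" per line);
# the sample below is constructed, not taken from a real build.

FIXED_VERSION=3.2.2

# Print "major minor patch" for a version string. Missing components become 0
# and pre-release suffixes are dropped, so "3.2" -> "3 2 0" and
# "3.2.1-SNAPSHOT" -> "3 2 1". Runs in a subshell so the IFS change stays local.
version_key() (
    IFS=.
    set -- $1.0.0
    for c in "$1" "$2" "$3"; do
        c=${c%%[!0-9]*}
        printf '%s ' "${c:-0}"
    done
)

# Succeed (return 0) when version $1 sorts before version $2.
version_lt() {
    set -- $(version_key "$1") $(version_key "$2")
    if   [ "$1" -lt "$4" ]; then return 0
    elif [ "$1" -gt "$4" ]; then return 1
    elif [ "$2" -lt "$5" ]; then return 0
    elif [ "$2" -gt "$5" ]; then return 1
    elif [ "$3" -lt "$6" ]; then return 0
    else return 1
    fi
}

# Read dependency lines on stdin, print one verdict per DolphinScheduler
# artifact, and return 1 if any of them is older than FIXED_VERSION.
scan_dependencies() {
    any_vulnerable=0
    while IFS= read -r line; do
        case $line in
            *org.apache.dolphinscheduler:*) ;;
            *) continue ;;
        esac
        # Keep just the coordinate: drop the "[INFO]" prefix and any trailing
        # " -- module ..." annotation that newer Maven versions append.
        coord=${line#*org.apache.dolphinscheduler:}
        coord=org.apache.dolphinscheduler:${coord%% *}
        artifact=${coord#*:}; artifact=${artifact%%:*}
        # The version is the field just before the scope, whether or not a
        # classifier is present.
        rest=${coord%:*}; version=${rest##*:}
        if version_lt "$version" "$FIXED_VERSION"; then
            printf 'VULNERABLE org.apache.dolphinscheduler:%s %s (fixed in %s)\n' \
                "$artifact" "$version" "$FIXED_VERSION"
            any_vulnerable=1
        else
            printf 'ok         org.apache.dolphinscheduler:%s %s\n' "$artifact" "$version"
        fi
    done
    return $any_vulnerable
}

# Constructed sample in `mvn dependency:list` format (not a real project).
SAMPLE_DEPENDENCY_LIST='[INFO]    org.apache.dolphinscheduler:dolphinscheduler-task-api:jar:3.2.1:compile
[INFO]    org.apache.dolphinscheduler:dolphinscheduler-common:jar:3.2.1:compile
[INFO]    org.apache.dolphinscheduler:dolphinscheduler-task-shell:jar:3.2.2:compile
[INFO]    org.apache.dolphinscheduler:dolphinscheduler-task-api:jar:tests:3.2.1:test -- module dolphinscheduler.task.api (auto)
[INFO]    org.slf4j:slf4j-api:jar:1.7.36:compile'

# Stand-alone run over the sample; against a real build use:
#   mvn -q dependency:list | scan_dependencies
printf '%s\n' "$SAMPLE_DEPENDENCY_LIST" | scan_dependencies \
    || echo "at least one DolphinScheduler artifact predates $FIXED_VERSION; upgrade to 3.2.2 or later"
```

Two caveats on the design. The comparison deliberately ignores pre-release suffixes, so a 3.2.2-SNAPSHOT build is treated as 3.2.2 and must be verified by hand. And a Maven dependency list only sees what the build declares: for a packaged or binary install, or for shaded jars, check the version the running service reports and the versioned jar names in the install directory instead.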
Upgrade Apache DolphinScheduler to version 3.2.2 or later. That release contains the fix for the remote code execution vulnerability, and upgrading removes the risk of exploitation through it.
CVE-2024-43202 is a critical Remote Code Execution vulnerability affecting Apache DolphinScheduler versions 3.2.1 and earlier; it lets an attacker execute arbitrary code on the scheduler host.
Yes, if you are running Apache DolphinScheduler version 3.2.1 or earlier, you are vulnerable to this RCE.
Upgrade Apache DolphinScheduler to version 3.2.2 or later to remediate the vulnerability. If an immediate upgrade is not possible, apply the temporary workarounds above (restrict API access, harden authentication and authorization, monitor logs) until you can.
No active exploitation campaign has been publicly confirmed and the CVE is not in CISA KEV, but its critical severity means exploitation should be treated as likely.
Refer to the Apache DolphinScheduler project website and its security announcements for the official advisory: https://dolphinscheduler.apache.org/