Platform: java
Component: org.apache.dolphinscheduler:dolphinscheduler-task-api
Fixed version: 3.2.2
CVE-2024-43202 describes a critical Remote Code Execution (RCE) vulnerability discovered in Apache Dolphinscheduler. This flaw allows an attacker to potentially execute arbitrary code on a vulnerable system. The vulnerability impacts versions of Apache Dolphinscheduler up to and including 3.2.1. A patch is available in version 3.2.2.
The RCE vulnerability in Apache Dolphinscheduler poses a significant threat. An attacker could exploit this flaw to gain complete control over the server hosting the Dolphinscheduler instance. This could lead to data breaches, system compromise, and further lateral movement within the network. The attacker could potentially steal sensitive data, modify configurations, or even use the compromised server as a launchpad for attacks against other systems. The potential blast radius is substantial, particularly in environments where Dolphinscheduler is used to orchestrate critical workflows.
CVE-2024-43202 was publicly disclosed on August 20, 2024. While no active exploitation campaigns have been publicly confirmed, the CRITICAL severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge given the nature of the vulnerability.
Organizations heavily reliant on Apache Dolphinscheduler for workflow orchestration are particularly at risk. This includes data engineering teams, DevOps pipelines, and any environment where Dolphinscheduler manages critical processes. Shared hosting environments running Dolphinscheduler are also at increased risk due to potential cross-tenant vulnerabilities.
• java / server: ps aux | grep dolphinscheduler
• java / server: journalctl -u dolphinscheduler -f | grep "error"
• generic web: curl -I http://<dolphinscheduler_ip>/api/task/submit
• generic web: grep -r "/api/task/submit" /var/log/apache2/access.log
Exploitation status
EPSS
4.41% (89th percentile)
CVSS vector
The primary mitigation for CVE-2024-43202 is to immediately upgrade Apache Dolphinscheduler to version 3.2.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the Dolphinscheduler API. Review and harden the Dolphinscheduler configuration, paying close attention to authentication and authorization settings. Monitor system logs for any suspicious activity related to Dolphinscheduler. After upgrading, confirm the fix by attempting to trigger the vulnerable API endpoint and verifying that it no longer executes arbitrary code.
Upgrade Apache Dolphinscheduler to version 3.2.2 or later. This release contains the fix for the remote code execution vulnerability, and upgrading reduces the risk of exploitation.
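The fastest way to tell whether a build pulls in an affected release is to read the declared dependency version out of the project's pom.xml and compare it with the fixed version named above. The script below is an added example, not code from the advisory or from the DolphinScheduler project: it parses a constructed sample pom.xml, resolves a `${...}` Maven property to the real version string, and flags any `org.apache.dolphinscheduler` artifact (the advisory names `dolphinscheduler-task-api`; treating sibling artifacts of the same group as sharing the product version is an assumption) whose version is below 3.2.2. It assumes the dependency is declared in this file rather than inherited from a parent POM; a dependency with no `<version>` is reported as undetermined rather than guessed.

```python
"""Check a Maven pom.xml for Apache DolphinScheduler artifacts below the fixed
release for CVE-2024-43202 (3.2.2 per the advisory above).

Added example, not the advisory's or the project's code. Assumes versions are
declared in this POM (directly or via <properties>) and follow a dotted numeric
scheme with an optional qualifier such as -SNAPSHOT."""
import re
import xml.etree.ElementTree as ET

AFFECTED_GROUP = "org.apache.dolphinscheduler"   # group named in the advisory
FIXED_VERSION = "3.2.2"                           # fixed version named in the advisory

# Constructed sample pom.xml; the version deliberately comes from a Maven
# property so the placeholder must be resolved before comparing.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example.hypothetical</groupId>
  <artifactId>scheduler-plugin</artifactId>
  <version>1.0.0</version>
  <properties>
    <dolphinscheduler.version>3.2.1</dolphinscheduler.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.dolphinscheduler</groupId>
      <artifactId>dolphinscheduler-task-api</artifactId>
      <version>${dolphinscheduler.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>2.0.13</version>
    </dependency>
  </dependencies>
</project>
"""

_NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def _local(tag):
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_version(text):
    """Turn '3.2.1', '3.2.2-SNAPSHOT' or '3.10.0' into a comparable tuple.
    Only the leading dotted numeric part is ordered; a qualifier (e.g. -SNAPSHOT)
    sorts below the plain release, since a 3.2.2-SNAPSHOT build is not the
    3.2.2 release that carries the fix."""
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))        # pad so 3.2 == 3.2.0
    return nums + ((0,) if m.group(2) == "" else (-1,))


def resolve_property(value, properties):
    """Resolve a ${name} placeholder against <properties>; plain values pass through."""
    m = re.fullmatch(r"\$\{([^}]+)\}", value.strip())
    if not m:
        return value.strip()
    if m.group(1) not in properties:
        raise KeyError("unresolved Maven property: %s" % m.group(1))
    return properties[m.group(1)].strip()


def find_affected(pom_xml):
    """Return (groupId, artifactId, resolved version, is_vulnerable) for every
    dependency of the affected group; is_vulnerable is None when the version
    is managed outside this file and cannot be decided here."""
    root = ET.fromstring(pom_xml)
    properties = {}
    props = root.find("m:properties", _NS)
    if props is not None:
        for child in props:
            properties[_local(child.tag)] = child.text or ""
    proj_version = root.find("m:version", _NS)
    if proj_version is not None:                 # allow ${project.version}
        properties.setdefault("project.version", proj_version.text or "")

    results = []
    for dep in root.iterfind(".//m:dependency", _NS):
        group = dep.findtext("m:groupId", default="", namespaces=_NS).strip()
        if group != AFFECTED_GROUP:
            continue
        artifact = dep.findtext("m:artifactId", default="", namespaces=_NS).strip()
        raw = dep.findtext("m:version", default="", namespaces=_NS)
        if not raw.strip():
            results.append((group, artifact, None, None))
            continue
        version = resolve_property(raw, properties)
        vulnerable = parse_version(version) < parse_version(FIXED_VERSION)
        results.append((group, artifact, version, vulnerable))
    return results


if __name__ == "__main__":
    for group, artifact, version, vulnerable in find_affected(SAMPLE_POM):
        if vulnerable is None:
            status = "UNDETERMINED (version managed elsewhere)"
        else:
            status = "VULNERABLE, upgrade to %s" % FIXED_VERSION if vulnerable else "fixed"
        print("%s:%s %s -> %s" % (group, artifact, version, status))
```

Run it against a real pom.xml by replacing `SAMPLE_POM` with the file's contents; for multi-module builds, check the module or parent POM that actually declares the version, and treat an undetermined result as a prompt to inspect the effective POM (`mvn help:effective-pom`) rather than as a clean bill of health.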
CVE-2024-43202 is a critical Remote Code Execution vulnerability affecting Apache Dolphinscheduler versions 3.2.1 and earlier, allowing attackers to execute arbitrary code.
Yes, if you are running Apache Dolphinscheduler versions 3.2.1 or earlier, you are vulnerable to this RCE.
Upgrade Apache Dolphinscheduler to version 3.2.2 or later to remediate the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no active exploitation campaigns have been publicly confirmed, the CRITICAL severity suggests a high probability of exploitation.
Refer to the Apache Dolphinscheduler project website and security announcements for the official advisory: https://dolphinscheduler.apache.org/