CVE-2022-25598
📋 TL;DR
Apache DolphinScheduler's user registration feature contains a Regular Expression Denial of Service (ReDoS) vulnerability that allows attackers to cause service disruption by sending specially crafted input. This affects all Apache DolphinScheduler instances with vulnerable versions that have user registration enabled. The vulnerability can lead to CPU exhaustion and service unavailability.
💻 Affected Systems
- Apache DolphinScheduler
📦 What is this software?
Apache DolphinScheduler is an open-source distributed workflow orchestration and scheduling platform; the affected user registration feature is part of its web interface.
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to CPU exhaustion, preventing legitimate users from accessing the DolphinScheduler instance and disrupting workflow automation.
Likely Case
Degraded performance or temporary service disruption affecting user registration and potentially other functions during attack periods.
If Mitigated
Minimal impact with proper rate limiting, input validation, and monitoring in place to detect and block ReDoS attempts.
🎯 Exploit Status
ReDoS attacks typically require minimal technical skill to execute. The vulnerability is in a publicly accessible user registration endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.5 or higher
Vendor Advisory: https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
Restart Required: Yes
Instructions:
1. Backup your current configuration and data.
2. Download Apache DolphinScheduler version 2.0.5 or higher from the official Apache website.
3. Stop the DolphinScheduler service.
4. Replace the existing installation with the new version.
5. Restart the DolphinScheduler service.
6. Verify the upgrade was successful.
🔧 Temporary Workarounds
Disable User Registration
Temporarily disable user registration functionality to prevent exploitation while planning for the upgrade.
Modify configuration to disable user registration feature
Implement Rate Limiting
Add rate limiting to user registration endpoints to limit the effect of ReDoS attempts.
Configure web server or application firewall to limit requests to user registration endpoints
🧯 If You Can't Patch
- Implement strict input validation and sanitization for user registration fields
- Deploy a WAF with ReDoS protection rules and monitor for abnormal request patterns
🔍 How to Verify
Check if Vulnerable:
Check if Apache DolphinScheduler version is below 2.0.5 and user registration is enabled.
Check Version:
Check the DolphinScheduler web interface or configuration files for version information
Verify Fix Applied:
Verify the version is 2.0.5 or higher and test user registration functionality with various inputs.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed user registration attempts with similar patterns
- Unusually high CPU usage on DolphinScheduler server
- Slow response times for user registration requests
Network Indicators:
- High volume of POST requests to user registration endpoints
- Requests with specially crafted input patterns designed to trigger ReDoS
SIEM Query:
source="dolphinscheduler" AND (message="user registration" OR endpoint="/register") AND status=400 AND count>10 within 1m
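The log and network indicators above, as an added detection example that is not part of the original advisory: a Python script that parses constructed access-log lines (a hypothetical log format; the /register path and the more-than-10-requests-per-minute threshold are taken from the SIEM query above) and flags clients that either burst the registration endpoint or receive abnormally slow responses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical access-log shape, constructed for this example (not DolphinScheduler's real format):
# <client_ip> [<ISO-8601 time>] "<method> <path>" <status> <response_ms>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) (?P<ms>\d+)$'
)

def parse(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
    d["status"], d["ms"] = int(d["status"]), int(d["ms"])
    return d

def find_redos_suspects(lines, path="/register", burst=10, window_s=60, slow_ms=2000):
    """Return {ip: set(reasons)} for clients whose registration traffic matches the
    advisory's indicators: more than `burst` POSTs within `window_s` seconds, or any
    response slower than `slow_ms` (a regex that backtracks badly shows up as latency)."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec["method"] == "POST" and rec["path"] == path:
            by_ip[rec["ip"]].append(rec)
    suspects = defaultdict(set)
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end, rec in enumerate(recs):
            if rec["ms"] >= slow_ms:
                suspects[ip].add("slow_response")
            # Sliding window: advance `start` past records older than window_s.
            while (rec["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > burst:
                suspects[ip].add("burst")
    return dict(suspects)

# Constructed sample: one normal client, one slow registration response, one 12-request burst.
SAMPLE_LINES = [
    '192.168.1.2 [2022-03-01T10:00:00Z] "POST /register" 200 40',
    '192.168.1.2 [2022-03-01T10:05:00Z] "GET /login" 200 12',
    '10.0.0.5 [2022-03-01T10:01:00Z] "POST /register" 200 5210',
] + [f'10.0.0.9 [2022-03-01T10:02:{i:02d}Z] "POST /register" 400 30' for i in range(12)]

if __name__ == "__main__":
    for ip, reasons in find_redos_suspects(SAMPLE_LINES).items():
        print(ip, sorted(reasons))
```

Tune `slow_ms` to the endpoint's normal latency before alerting on it, since the slow-response indicator is the one that survives a low-and-slow attacker who stays under the burst threshold.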