CVE-2023-49068

7.5 HIGH

📋 TL;DR

Apache DolphinScheduler versions before 3.2.1 expose sensitive information to unauthorized actors through improper log handling. This vulnerability allows attackers to access confidential data that should be restricted to trusted operators. All users running affected versions are at risk.

💻 Affected Systems

Products:
  • Apache DolphinScheduler
Versions: All versions before 3.2.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of Apache DolphinScheduler before version 3.2.1 regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to sensitive credentials, API keys, or configuration data, leading to complete system compromise or a data breach.

🟠 Likely Case

Unauthorized users access operational logs containing sensitive system information, potentially enabling further attacks.

🟢 If Mitigated

Only trusted operators can access logs, limiting exposure to authorized personnel with proper access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the log files, which may be reachable through the web interface or through the file system, depending on the deployment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.1

Vendor Advisory: https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download Apache DolphinScheduler 3.2.1 from official sources.
3. Stop the DolphinScheduler service.
4. Replace the installation with the new version.
5. Restore the configuration.
6. Start the service.

🔧 Temporary Workarounds

Restrict Log File Access

Platform: Linux

Configure file system permissions so that only the DolphinScheduler service account (assumed here to be the user dolphinscheduler) and trusted operators can read the log files. Restrict the log directory itself as well as the files in it; otherwise file names stay listable and files created after the change remain exposed:

chown -R dolphinscheduler:dolphinscheduler /path/to/dolphinscheduler/logs
chmod 700 /path/to/dolphinscheduler/logs
chmod 600 /path/to/dolphinscheduler/logs/*
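
The following script is an added example (not code from the advisory or the DolphinScheduler project) that applies the workaround above and then audits the directory for files that still carry group or world permission bits, so the change can be verified rather than assumed. The log path and service account are deployment specific and are assumed; the sample log directory the script builds for its demo is constructed, not real DolphinScheduler output. Note that file system permissions only cover the file system path: if the deployment exposes logs through the DolphinScheduler web interface, that path is not closed by this workaround and only the 3.2.1 upgrade addresses it.

```shell
#!/bin/sh
# Added example, not from the advisory or the DolphinScheduler project.
# Hardens a DolphinScheduler log directory (owner-only access) and audits it
# for files that anyone other than the owner could still read. The real log
# path is deployment specific; the advisory only gives a placeholder path.

# Owner-only permissions on the directory (700: nobody else can list or
# enter it) and on every file below it (600: owner read/write only).
harden_log_dir() {
    harden_dir="$1"
    chmod 700 "$harden_dir"
    find "$harden_dir" -type f -exec chmod 600 {} +
}

# Report regular files under $1 whose group or other permission fields are
# not all dashes. Uses the POSIX ls -l format (columns 5-10 are group/other
# rwx bits), so it works without GNU find extensions.
# Returns 0 when nothing is exposed, 1 otherwise.
audit_log_dir() {
    audit_dir="$1"
    exposed=$(find "$audit_dir" -type f -exec ls -l {} + \
        | awk 'substr($1, 5, 6) != "------" { print $NF }')
    if [ -n "$exposed" ]; then
        printf 'exposed log files under %s:\n%s\n' "$audit_dir" "$exposed" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a world-readable log directory with two fake log files,
# standing in for a default installation. Prints the directory path.
make_sample_logs() {
    sample_root=$(mktemp -d)
    mkdir "$sample_root/logs"
    printf 'constructed sample log line\n' > "$sample_root/logs/dolphinscheduler-api.log"
    printf 'constructed sample log line\n' > "$sample_root/logs/dolphinscheduler-worker.log"
    chmod 755 "$sample_root/logs"
    chmod 644 "$sample_root/logs"/*.log
    printf '%s\n' "$sample_root/logs"
}

# Demo (run as: sh harden_logs.sh --demo): audit, harden, audit again.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(make_sample_logs)
    audit_log_dir "$demo_dir" || echo "before hardening: exposed (expected)"
    harden_log_dir "$demo_dir"
    audit_log_dir "$demo_dir" && echo "after hardening: clean"
    rm -rf "$(dirname "$demo_dir")"
fi
```

For a real deployment, call harden_log_dir on the actual log directory and re-run audit_log_dir after the service has written new files: files created later take their permissions from the service process's umask, so a restrictive umask for the service (for example via the service manager's unit configuration) is what keeps the directory clean over time.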

🧯 If You Can't Patch

  • Implement strict access controls on log directories to limit access to authorized personnel only.
  • Monitor log access attempts and implement alerting for unauthorized access patterns.

🔍 How to Verify

Check if Vulnerable:

Any DolphinScheduler version before 3.2.1 is vulnerable regardless of configuration, so identifying the running version is sufficient; read it from the application interface or from the configuration files.

Check Version:

Check the version in the DolphinScheduler web UI or examine the application.properties file.

Verify Fix Applied:

Verify the version is 3.2.1 or later and confirm log file permissions are properly restricted.
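
Because the affected range is "before 3.2.1", the check is a numeric version comparison, and a plain string comparison gets it wrong (for example, "3.10.0" sorts before "3.2.1" lexically). The script below is an added example, not from the advisory or the DolphinScheduler project: it takes a version string obtained by whatever means the deployment offers (web UI, application.properties) and reports whether it falls in the affected range. The sample versions in the report loop are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory or the DolphinScheduler project.
# Decides whether a DolphinScheduler version string falls in the affected
# range (before 3.2.1). Obtaining the string is deployment specific.

FIXED_VERSION="3.2.1"

# Compare two dotted versions field by field as integers.
# Prints -1, 0 or 1 for a<b, a==b, a>b. A leading "v" and any non-numeric
# suffix (e.g. "-SNAPSHOT") are stripped; missing fields count as 0.
version_cmp() {
    a=$(printf '%s' "$1" | sed 's/^[vV]//; s/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/^[vV]//; s/[^0-9.].*//')
    # Trailing dot so cut always sees a delimiter and empty fields read as "".
    a="$a."
    b="$b."
    i=1
    while :; do
        fa=$(printf '%s' "$a" | cut -d. -f"$i")
        fb=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$fa" ] && [ -z "$fb" ]; then
            printf '%s\n' 0
            return
        fi
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# Returns 0 (true) when the given version is affected by CVE-2023-49068.
# Snapshot builds are pre-release and may predate the fix, so they are
# treated as affected rather than trusted on their version number alone.
is_vulnerable_version() {
    case "$1" in
        *SNAPSHOT*|*snapshot*) return 0 ;;
    esac
    [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Constructed sample versions, reported one per line.
for v in 3.1.9 3.2.0 3.2.1 3.2.1-SNAPSHOT 3.10.0; do
    if is_vulnerable_version "$v"; then
        printf '%s: affected (before %s)\n' "$v" "$FIXED_VERSION"
    else
        printf '%s: not affected\n' "$v"
    fi
done
```

A "not affected" result from the version check still assumes the installed binaries match the reported version; pair it with the log permission check above before closing the finding.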

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to log files
  • Suspicious log file reads from unexpected users or IPs

Network Indicators:

  • Unusual requests to log endpoints or file access APIs

SIEM Query:

source="dolphinscheduler" AND (event="log_access" OR event="file_read") AND user NOT IN ["authorized_users"]

(Pseudo-query: replace "authorized_users" with the list of accounts permitted to read DolphinScheduler logs, and map the event names to the field values your SIEM actually records.)

🔗 References
