CVE-2024-43202

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Apache DolphinScheduler servers by exploiting improper input validation. It affects all Apache DolphinScheduler installations before version 3.2.2. Organizations using vulnerable versions are at risk of complete system compromise.

💻 Affected Systems

Products:
  • Apache DolphinScheduler
Versions: All versions before 3.2.2
Operating Systems: All supported platforms (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, data exfiltration, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case

Unauthorized code execution leading to service disruption, data manipulation, and credential theft.

🟢 If Mitigated

Limited impact due to network segmentation and strict access controls, potentially only affecting the DolphinScheduler service itself.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable without authentication, making them prime targets.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on CVSS 9.8 score and CWE-94 (Code Injection), exploitation is likely straightforward. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.2

Vendor Advisory: https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download Apache DolphinScheduler 3.2.2 from official sources.
3. Stop the DolphinScheduler service.
4. Replace the installation with the new version.
5. Restore the configuration if needed.
6. Start the service and verify functionality.

🔧 Temporary Workarounds

Network Isolation

Platform: linux

Restrict network access to DolphinScheduler instances using firewall rules

iptables -A INPUT -p tcp --dport [DolphinScheduler_port] -s [trusted_network] -j ACCEPT
iptables -A INPUT -p tcp --dport [DolphinScheduler_port] -j DROP

Access Control

Platform: all

Implement strict authentication and authorization controls

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to only trusted sources
  • Deploy web application firewall (WAF) with RCE protection rules and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the DolphinScheduler version via web interface or configuration files. Versions below 3.2.2 are vulnerable.

Check Version:

Check the version in the web interface or examine the installation directory for version files.

Verify Fix Applied:

Verify version is 3.2.2 or higher and test workflow execution functionality.
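As an added example (not part of this advisory), a POSIX shell helper that applies the "below 3.2.2 is vulnerable" rule to a version string copied from the web interface or a version file, treating a pre-release build of 3.2.2 as still unpatched; the sample version strings at the end are constructed.

```shell
#!/bin/sh
# Added example: decide whether a DolphinScheduler version string predates
# the fixed release 3.2.2. Exit 0 = vulnerable, 1 = fixed, 2 = unparseable.

FIXED_VERSION="3.2.2"

# Normalise a version string: strip a leading "v", drop any pre-release or
# build suffix ("3.2.2-SNAPSHOT" -> "3.2.2") and pad to three numeric fields.
ds_normalize_version() {
    v=$(printf '%s' "$1" | sed -e 's/^[vV]//' -e 's/[-+].*$//')
    case "$v" in
        *[!0-9.]*|"") return 1 ;;   # not dotted digits: caller reports "unknown"
    esac
    major=${v%%.*}; rest=${v#"$major"}; rest=${rest#.}
    minor=${rest%%.*}; rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    printf '%s.%s.%s\n' "${major:-0}" "${minor:-0}" "${patch:-0}"
}

# Compare field by field against FIXED_VERSION.
ds_vulnerable_version() {
    n=$(ds_normalize_version "$1") || return 2
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$n" | cut -d. -f"$i")
        b=$(printf '%s' "$FIXED_VERSION" | cut -d. -f"$i")
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
        i=$((i + 1))
    done
    # Numerically equal to 3.2.2: a pre-release such as 3.2.2-SNAPSHOT still
    # predates the fix; a plain 3.2.2 carries it.
    case "$1" in *-*) return 0 ;; esac
    return 1
}

# Constructed sample inputs, as they might be read from the UI or a version file.
for sample in 3.1.9 3.2.1 3.2.2-SNAPSHOT 3.2.2 v3.2.3 unknown; do
    ds_vulnerable_version "$sample" && rc=0 || rc=$?
    case "$rc" in
        0) echo "$sample: below 3.2.2 -> vulnerable, upgrade" ;;
        1) echo "$sample: 3.2.2 or later -> fixed" ;;
        *) echo "$sample: could not parse version" ;;
    esac
done
```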

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution patterns
  • Suspicious command execution in workflow logs
  • Authentication bypass attempts

Network Indicators:

  • Unexpected outbound connections from DolphinScheduler server
  • Unusual payloads in HTTP requests to DolphinScheduler endpoints

SIEM Query:

source="dolphinscheduler" AND (event="command_execution" OR event="process_creation") AND user!="authorized_user"
