CVE-2022-34662

moderate-risk

Published 2022-11-01

When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher

Do I need to act?

1.00% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Dolphinscheduler

Affected Vendors

Apache

References (4)

http://www.openwall.com/lists/oss-security/2022/11/01/13

Mailing List https://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8

http://www.openwall.com/lists/oss-security/2022/11/01/13

Mailing List https://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal