GHSA-r989-cjhx-3v49CriticalCVSS 9.8

Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

Published
June 17, 2026
Last Modified
June 18, 2026

🔗 CVE IDs covered (1)

📋 Description

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

🎯 Affected products1

  • maven/org.apache.dolphinscheduler:dolphinscheduler-api:< 3.4.2

🔗 References (4)