December 1, 2023
Severity
Medium
Analysis Summary
CVE-2023-49620
Apache DolphinScheduler could allow a remote authenticated attacker to bypass security restrictions because of improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to delete UDF functions in the resource center.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-49620
Affected Vendors
Apache
Affected Products
- Apache DolphinScheduler 3.0.0
- Apache DolphinScheduler 2.0.0
Remediation
Upgrade to the latest version of Apache DolphinScheduler, available from the Apache website.