Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
References
| Link | Resource |
|---|---|
| https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc | Mailing List Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2026/06/17/5 | Mailing List Third Party Advisory |
Configurations
History
17 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-17 13:20
Updated : 2026-06-17 17:17
NVD link : CVE-2026-47340
Mitre link : CVE-2026-47340
CVE.ORG link : CVE-2026-47340
JSON object : View
Products Affected
apache
- dolphinscheduler
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
