Primary

Context

Apache DolphinScheduler Incorrect Authorization Vulnerability Allowing Use of Undefined Tenants in Workflows

Vulnerability

Patched

A vulnerability in Apache DolphinScheduler prior to version 3.4.1 allows authenticated users with system login permissions to utilize tenants not defined on the platform during workflow execution. This incorrect authorization issue could lead to unauthorized access or manipulation of workflow processes.

Impact

Exploitation of this vulnerability could result in unauthorized use of tenants during workflow execution, potentially leading to incorrect workflow processing or resource allocation.

Remediation

Users are advised to upgrade to Apache DolphinScheduler version 3.4.1 or later, which addresses this vulnerability.

Added: Apr 24, 2026, 12:24 PM

Updated: Apr 24, 2026, 12:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

5.2

remediation

7.7

relevance

6.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

5.2

remediation

7.7

relevance

6.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache DolphinScheduler Incorrect Authorization Vulnerability Allowing Use of Undefined Tenants in Workflows

Vulnerability

Impact

Remediation

Affected Products

Apache DolphinScheduler

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating