6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-26884

GHSA ID

GHSA-vpgf-fgm8-gxr2

EPSS Score

0.47042%

CWE

CWE-22

Published

10/28/2022

Updated

1/30/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-26884

CVE-2022-26884: Apache DolphinScheduler vulnerable to Path Traversal

Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-26884

CVE-2022-26884:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-26884

GHSA ID

GHSA-vpgf-fgm8-gxr2

EPSS Score

0.47042%

CWE

CWE-22

Published

10/28/2022

Updated

1/30/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.dolphinscheduler:dolphinscheduler	maven	< 2.0.6	2.0.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description indicates path traversal via the log server, which implies improper input sanitization in log file retrieval functions. The LoggerController.viewLog method is a core component handling log access in Apache DolphinScheduler. Path traversal vulnerabilities in similar systems often occur in log viewer endpoints that directly use user input to construct file paths without proper normalization. The patch in 2.0.6 would likely have added path validation/sanitization in this critical log handling component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-26884: Apache DolphinScheduler vulnerable to Path Traversal

CVE-2022-26884:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

CVE-2022-26884: Apache DolphinScheduler vulnerable to Path Traversal

6.5

6.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI