{"id":"PYSEC-2021-876","details":"Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. Note that this record's affected range has no fixed event, so every listed PyPI release is flagged even though the description names 1.3.2 as the fixed version; check the referenced Apache announcement to confirm which versions apply.","aliases":["CVE-2020-13922","GHSA-qhh5-9738-g9mx"],"modified":"2025-10-09T08:20:38.443372Z","published":"2021-01-11T10:15:00Z","references":[{"type":"WEB","url":"https://www.mail-archive.com/announce%40apache.org/msg06076.html"}],"affected":[{"package":{"name":"apache-dolphinscheduler","ecosystem":"PyPI","purl":"pkg:pypi/apache-dolphinscheduler"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.1.0","0.1.1","2.0.5","2.0.5.1","2.0.7","3.0.0","3.0.0a0","3.0.0b1","3.0.0b2","3.0.1","3.0.2","3.1.0","3.1.1","4.0.0","4.0.1","4.0.2","4.0.2.1","4.0.2a1","4.0.2a10","4.0.2a11","4.0.2a12","4.0.2a2","4.0.2a3","4.0.2a4","4.0.2a5","4.0.2a6","4.0.2a7","4.0.2a8","4.0.2a9","4.0.3","4.0.4","4.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}