tooryx
commented
2 months ago Hi @hayageek,
Let's wait on your 2 AI-PRP submissions before we take a decision on this one.
Cheers, ~tooryx
Open hayageek opened 2 months ago
tooryx
commented
2 months ago Hi @hayageek,
Let's wait on your 2 AI-PRP submissions before we take a decision on this one.
Cheers, ~tooryx
Hi Team, I would like to develop a plugin for Apache DolphinScheduler weak credentials Tester. for , Apache DolphinScheduler an open-source distributed workflow scheduler designed to manage complex data and task workflows across various systems efficiently.
The platform uses different credentials for its UI and Java Gateway API(based on https://github.com/py4j). The Java Gateway API, in particular, comes with a default authentication token.
For information on setting up DolphinScheduler using Docker, refer to the official documentation. The Docker image used is apache/dolphinscheduler-standalone-server:3.1.5.
According to the configuration guide, if DolphinScheduler is deployed with the Docker image (apache/dolphinscheduler-standalone-server), it uses the default auth token:
Note that if the Java Gateway is exposed, it is possible for anyone to perform tasks (e.g., Shell, Python), which could lead to remote code execution (RCE).