{"schema_version": "1.6.1", "id": "CVE-2020-13922", "summary": "Apache DolphinScheduler (incubating) Permission vulnerability", "details": "Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache DolphinScheduler"}, {"fixed": "1.3.2"}]}]}], "references": [{"type": "ADVISORY", "url": "https://www.mail-archive.com/announce%40apache.org/msg06076.html"}]}