{"id":20715,"date":"2024-10-01T14:28:01","date_gmt":"2024-10-01T17:28:01","guid":{"rendered":"https:\/\/ostec.blog\/?p=20715"},"modified":"2024-10-01T14:28:01","modified_gmt":"2024-10-01T17:28:01","slug":"cve-2024-43202-vulnerabilidad-en-apache-dolphinscheduler","status":"publish","type":"post","link":"https:\/\/ostec.blog\/es\/generico\/cve-2024-43202-vulnerabilidad-en-apache-dolphinscheduler\/","title":{"rendered":"CVE-2024-43202: Vulnerability in Apache DolphinScheduler"},"content":{"rendered":"<p>CVE-2024-43202 is a critical vulnerability discovered in Apache DolphinScheduler, a popular task scheduling system widely used in corporate environments to manage Big Data workflows. This flaw, identified as a code injection vulnerability, stands out for its exploitation potential, which can lead to serious compromise of systems that use DolphinScheduler.<\/p>\n<p>The flaw received a <a href=\"https:\/\/ostec.blog\/es\/aprendizaje-descubrimiento\/cve-y-cvss-para-la-clasificacion-de-vulnerabilidades-de-seguridad-digital\/\">CVSS<\/a> score of 9.8 and is considered a critical threat. In practice, this vulnerability allows remote attackers to inject malicious commands into the server, enabling full or partial control of the system. This poses a significant risk to IT infrastructure, since the attacker can manipulate data, disrupt services and compromise all or part of the network.<\/p>\n<h2>How CVE-2024-43202 works<\/h2>\n<p>CVE-2024-43202 occurs because of improper control of code generation within Apache DolphinScheduler. Specifically, the flaw lies in the script-handling mechanism used in task scheduling. The lack of proper validation allows an attacker to inject malicious code into scripts processed by DolphinScheduler. When the system processes these scripts, the injected code runs with the server's privileges, allowing the attacker to manipulate the workflow, access confidential data or compromise other connected systems.<\/p>\n<p>CVE-2024-43202 can be exploited remotely. This means that anyone with access to the DolphinScheduler interface, or to any vulnerable point exposed on the network, can exploit the flaw. Malicious code can be inserted through specially crafted commands in tasks that will be processed by the system, which makes this vulnerability especially dangerous in environments where DolphinScheduler can be reached over the Internet.<\/p>\n<h2>Immediate remediation required<\/h2>\n<p>Given the severity of this vulnerability, it is very important that organizations using Apache DolphinScheduler upgrade to version 3.2.2, which fixes this vulnerability. In addition, security audits are recommended to identify any sign of prior exploitation and to implement additional security measures if necessary.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2024-43202 is a critical vulnerability discovered in Apache DolphinScheduler, a popular task scheduling system widely used in corporate environments to manage Big Data workflows. This flaw, identified as a code injection vulnerability, stands out for its exploitation potential, which can lead to serious compromise of the [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":20706,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1019],"tags":[1778],"class_list":["post-20715","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-generico","tag-cve-es"],"yoast_head_json":{"title":"CVE-2024-43202: Vulnerability in Apache DolphinScheduler - OSTEC | Seguran\u00e7a digital de resultados","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ostec.blog\/es\/generico\/cve-2024-43202-vulnerabilidad-en-apache-dolphinscheduler\/","og_locale":"es_ES","og_type":"article","og_title":"CVE-2024-43202: Vulnerability in Apache DolphinScheduler - OSTEC | Seguran\u00e7a digital de resultados","og_description":"CVE-2024-43202 is a critical vulnerability discovered in Apache DolphinScheduler, a popular task scheduling system widely used in corporate environments to manage Big Data workflows. This flaw, identified as a code injection vulnerability, stands out for its exploitation potential, which can lead to serious compromise of the [&hellip;]","og_url":"https:\/\/ostec.blog\/es\/generico\/cve-2024-43202-vulnerabilidad-en-apache-dolphinscheduler\/","og_site_name":"OSTEC | Seguran\u00e7a digital de resultados","article_publisher":"https:\/\/www.facebook.com\/ostec","article_published_time":"2024-10-01T17:28:01+00:00","og_image":[{"width":928,"height":534,"url":"https:\/\/ostec.blog\/wp-content\/uploads\/2024\/09\/CVE-2024-43202.jpg","type":"image\/jpeg"}],"author":"Alejandra Villanueva","twitter_card":"summary_large_image","twitter_creator":"@ostecsecurity","twitter_site":"@ostecsecurity"},"_links":{"self":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/posts\/20715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/comments?post=20715"}],"version-history":[{"count":0,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/posts\/20715\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/media\/20706"}],"wp:attachment":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/media?parent=20715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/categories?post=20715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/tags?post=20715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}