CVE-2023-50270
EPSS 1.0%Session Fixation Apache DolphinScheduler
Published: 2/20/2024Modified: 11/30/2024
Description
Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Affected packages (1)
- Maven/org.apache.dolphinscheduler:dolphinscheduler>= 1.3.8, < 3.2.1
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-50270
- PATCHhttps://github.com/apache/dolphinscheduler
- WEBhttps://github.com/apache/dolphinscheduler/pull/15219
- WEBhttps://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
- WEBhttps://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
- WEBhttps://www.openwall.com/lists/oss-security/2024/02/20/3
- WEBhttp://www.openwall.com/lists/oss-security/2024/02/20/3