CVE-2023-50270
EPSS 1.0%
Session Fixation Apache DolphinScheduler
Published: 2024/2/20
Modified: 2024/11/30
Description
Session fixation in Apache DolphinScheduler before version 3.2.1: the session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Affected packages (1)
- Maven/org.apache.dolphinscheduler:dolphinscheduler >= 1.3.8, < 3.2.1
References (7)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-50270
- PATCH https://github.com/apache/dolphinscheduler
- WEB https://github.com/apache/dolphinscheduler/pull/15219
- WEB https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
- WEB https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
- WEB https://www.openwall.com/lists/oss-security/2024/02/20/3
- WEB http://www.openwall.com/lists/oss-security/2024/02/20/3