Apache DolphinScheduler Session Fixation Vulnerability
CVE-2023-50270

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 20 February 2024

🔔 Create Apache Vulnerability Alert

What is CVE-2023-50270?

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache DolphinScheduler 1.3.8 <= 3.2.0

References

https://github.com/apache/dolphinscheduler/pull/15219

patch

https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c...

vendor-advisory

https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708...

vendor-advisory

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Dec 6, 2023

Credit

lujiefsi

Qing Xu

JSON

Apache