Apache DolphinScheduler Session Fixation Vulnerability
CVE-2023-50270

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 20 February 2024

Summary

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Affected Version(s)

Apache DolphinScheduler 1.3.8 <= 3.2.0

References

https://github.com/apache/dolphinscheduler/pull/15219

https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c...

vendor-advisory

https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708...

vendor-advisory

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Dec 6, 2023

Credit

lujiefsi

Qing Xu

.