History: Feb 20, 2024 - 10:15 a.m.

CVE-2023-50270

2024-02-20 10:15:08
CWE-613
web.nvd.nist.gov

AI Score: 6.7 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 15.7%)

Session fixation in Apache DolphinScheduler before version 3.2.0, in which a session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Affected configurations

Vulners
Node: apache dolphinscheduler, Range: 3.2.0

CNA Affected

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.dolphinscheduler:dolphinscheduler-api",
    "product": "Apache DolphinScheduler",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "3.2.0",
        "status": "affected",
        "version": "1.3.8",
        "versionType": "semver"
      }
    ]
  }
]
