Lucene search
GitHub Advisory DatabaseGHSA-VJQC-G788-F378HistoryFeb 20, 2024 - 12:31 p.m.
Session Fixation Apache DolphinScheduler
2024-02-2012:31:00
CWE-613
GitHub Advisory Database
github.com
5
session fixation
apache dolphinscheduler
version 3.2.1
security issue
password change
upgrade
Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change.
Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Affected configurations
Node
org.apache.dolphinscheduler\Matchdolphinscheduler
ORorg.apache.dolphinscheduler\Matchdolphinscheduler
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.dolphinscheduler:dolphinscheduler | ge | 1.3.8 | |
| org.apache.dolphinscheduler:dolphinscheduler | lt | 3.2.1 |
References
www.openwall.com/lists/oss-security/2024/02/20/3
github.com/advisories/GHSA-vjqc-g788-f378
github.com/apache/dolphinscheduler/pull/15219
lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
nvd.nist.gov/vuln/detail/CVE-2023-50270
www.openwall.com/lists/oss-security/2024/02/20/3
Related
nvd
nvd
CVE-2023-50270
2024-02-20 10:15:08
cnvd
cnvd
Apache DolphinScheduler Security Bypass Vulnerability
2024-03-14 00:00:00
veracode
veracode
Session Fixation
2024-02-21 08:34:47
osv
osv
Session Fixation Apache DolphinScheduler
2024-02-20 12:31:00
CVE-2023-50270
2024-02-20 10:15:08
prion
prion
Session fixation
2024-02-20 10:15:00
cvelist
cvelist
cve
cve
CVE-2023-50270
2024-02-20 10:15:08