Session Fixation Apache DolphinScheduler

2024-02-2012:31:00

Google

osv.dev

session fixation

apache

dolphinscheduler

password change

upgrade

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

CPENameOperatorVersion
org.apache.dolphinscheduler:dolphinschedulereq3.0.1
org.apache.dolphinscheduler:dolphinschedulereq2.0.5
org.apache.dolphinscheduler:dolphinschedulereq2.0.2
org.apache.dolphinscheduler:dolphinschedulereq2.0.7
org.apache.dolphinscheduler:dolphinschedulereq2.0.0-alpha
org.apache.dolphinscheduler:dolphinschedulereq3.1.9
org.apache.dolphinscheduler:dolphinschedulereq3.1.3
org.apache.dolphinscheduler:dolphinschedulereq3.1.6
org.apache.dolphinscheduler:dolphinschedulereq3.1.5
org.apache.dolphinscheduler:dolphinschedulereq3.0.3

Name	Operator	Version
org.apache.dolphinscheduler:dolphinscheduler	eq	3.0.1
org.apache.dolphinscheduler:dolphinscheduler	eq	2.0.5
org.apache.dolphinscheduler:dolphinscheduler	eq	2.0.2
org.apache.dolphinscheduler:dolphinscheduler	eq	2.0.7
org.apache.dolphinscheduler:dolphinscheduler	eq	2.0.0-alpha
org.apache.dolphinscheduler:dolphinscheduler	eq	3.1.9
org.apache.dolphinscheduler:dolphinscheduler	eq	3.1.3
org.apache.dolphinscheduler:dolphinscheduler	eq	3.1.6
org.apache.dolphinscheduler:dolphinscheduler	eq	3.1.5
org.apache.dolphinscheduler:dolphinscheduler	eq	3.0.3