Lucene search
Veracode Vulnerability DatabaseVERACODE:45558HistoryFeb 21, 2024 - 8:34 a.m.
Session Fixation
2024-02-2108:34:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
session fixation
apache dolphinscheduler
logincontroller
vulnerability
session management
password change
Apache DolphinScheduler is vulnerable to Session Fixation. The vulnerability is due to to a lack of proper session management within LoginController.java. If a user changes their password, the old session is not deactivated.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dolphinscheduler-api | le | 3.2.0 | |
| dolphinscheduler-api | le | 3.2.0 |
References
www.openwall.com/lists/oss-security/2024/02/20/3
github.com/advisories/GHSA-vjqc-g788-f378
github.com/apache/dolphinscheduler/commit/12f8138167f8481f66d52775b510457f532b56e4
github.com/apache/dolphinscheduler/pull/15219
lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
www.openwall.com/lists/oss-security/2024/02/20/3
Related
nvd
nvd
CVE-2023-50270
2024-02-20 10:15:08
cnvd
cnvd
Apache DolphinScheduler Security Bypass Vulnerability
2024-03-14 00:00:00
osv
osv
Session Fixation Apache DolphinScheduler
2024-02-20 12:31:00
CVE-2023-50270
2024-02-20 10:15:08
prion
prion
Session fixation
2024-02-20 10:15:00
cvelist
cvelist
github
github
Session Fixation Apache DolphinScheduler
2024-02-20 12:31:00
cve
cve
CVE-2023-50270
2024-02-20 10:15:08