CVE-2023-50270
published 2024-02-20CVE-2023-50270: Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.
Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | dolphinscheduler | >= 1.3.8 < 3.2.1 | 3.2.1 |
| apache_software_foundation | apache_dolphinscheduler | 1.3.8 – 3.2.0 | — |