CVE-2023-50270

CWE-613 — Insufficient Session Expiration CWE-3844 documents4 sources

Severity

6.5MEDIUM

EPSS

1.0%

top 22.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Dolphinscheduler Apache Software Foundation Apache Dolphinscheduler

Timeline

PublishedFeb 20

Description

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

▶NVDapache/dolphinscheduler1.3.8 — 3.2.1

▶Mavenorg.apache.dolphinscheduler:dolphinscheduler1.3.8 — 3.2.1

▶CVEListV5apache_software_foundation/apache_dolphinscheduler1.3.8 — 3.2.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Session Fixation Apache DolphinScheduler↗2024-02-20

▶

OSV

Session Fixation Apache DolphinScheduler↗2024-02-20

▶

CVEList

Apache DolphinScheduler: Session do not expire after password change↗2024-02-20

▶