We found results for “”
CVE-2023-50270
Good to know:
Date: February 20, 2024
Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Language: Java
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Insufficient Session Expiration
CWE-613Top Fix
Upgrade Version
Upgrade to version org.apache.dolphinscheduler:dolphinscheduler-api:3.2.1, org.apache.dolphinscheduler:dolphinscheduler-dao:3.2.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |