Описание
Session Fixation Apache DolphinScheduler
Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change.
Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-50270
- https://github.com/apache/dolphinscheduler/pull/15219
- https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
- https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
- https://www.openwall.com/lists/oss-security/2024/02/20/3
- http://www.openwall.com/lists/oss-security/2024/02/20/3
Пакеты
Наименование
org.apache.dolphinscheduler:dolphinscheduler
maven
Затронутые версииВерсия исправления
>= 1.3.8, < 3.2.1
3.2.1
Связанные уязвимости
CVSS3: 6.5
nvd
почти 2 года назад
Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.