exploitDog

CVE-2023-50270

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Ссылки

https://github.com/apache/dolphinscheduler/pull/15219
Issue Tracking
Patch
https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
Vendor Advisory
https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
Vendor Advisory
https://www.openwall.com/lists/oss-security/2024/02/20/3
Mailing List
Third Party Advisory
https://github.com/apache/dolphinscheduler/pull/15219
Issue Tracking
Patch
https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
Vendor Advisory
https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
Vendor Advisory
https://www.openwall.com/lists/oss-security/2024/02/20/3
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

Версия от 1.3.8 (включая) до 3.2.1 (исключая)

EPSS

Процентиль: 74%

0.00799

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-613

CWE-384

Связанные уязвимости

GHSA-vjqc-g788-f378

github

почти 2 года назад

Session Fixation Apache DolphinScheduler

EPSS

Процентиль: 74%

0.00799

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-613

CWE-384