Vulnerability Description
Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Dolphinscheduler | >= 1.3.8, < 3.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/apache/dolphinscheduler/pull/15219Issue TrackingPatch
- https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6Vendor Advisory
- https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9rVendor Advisory
- https://www.openwall.com/lists/oss-security/2024/02/20/3Mailing ListThird Party Advisory
- https://github.com/apache/dolphinscheduler/pull/15219Issue TrackingPatch
- https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6Vendor Advisory
- https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9rVendor Advisory
- https://www.openwall.com/lists/oss-security/2024/02/20/3Mailing ListThird Party Advisory
FAQ
What is CVE-2023-50270?
CVE-2023-50270 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
How severe is CVE-2023-50270?
CVE-2023-50270 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50270?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Dolphinscheduler.