CVE-2023-50270: Insufficient Session Expiration

February 20, 2024 (updated February 21, 2024)

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

References

www.openwall.com/lists/oss-security/2024/02/20/3
github.com/advisories/GHSA-vjqc-g788-f378
github.com/apache/dolphinscheduler/pull/15219
lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
nvd.nist.gov/vuln/detail/CVE-2023-50270

Detect and mitigate CVE-2023-50270 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →