CVE-2023-50270

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-50270

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50270.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-50270

Aliases

GHSA-vjqc-g788-f378

Published

2024-02-20T10:15:08.140Z

Modified

2026-04-12T09:36:42.592674Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

References

Affected packages

Git / github.com/apache/dolphinscheduler

Affected ranges

Type

GIT

Repo

https://github.com/apache/dolphinscheduler

Events

Introduced

cacf0ca080c7e7dab9f78031e665024bbce8776d

Fixed

8a4f111fd4e0173e25d2fd56cbbfff893d4c690d

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.3.8"
        },
        {
            "fixed": "3.2.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50270.json"