CVE-2023-50270

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-50270
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50270.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-50270
Aliases
Published
2024-02-20T10:15:08.140Z
Modified
2026-03-14T22:50:45.293671Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

References

Affected packages

Git / github.com/apache/incubator-dolphinscheduler

Affected ranges

Type
GIT
Repo
https://github.com/apache/incubator-dolphinscheduler
Events
Introduced
cacf0ca080c7e7dab9f78031e665024bbce8776d
Fixed
8a4f111fd4e0173e25d2fd56cbbfff893d4c690d
Database specific 
{
    "versions": [
        {
            "introduced": "1.3.8"
        },
        {
            "fixed": "3.2.1"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50270.json"