GHSA-vjqc-g788-f378

Source

https://github.com/advisories/GHSA-vjqc-g788-f378

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-vjqc-g788-f378/GHSA-vjqc-g788-f378.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-vjqc-g788-f378

Aliases

CVE-2023-50270

Published

2024-02-20T12:31:00Z

Modified

2024-11-30T05:32:39.812653Z

Summary

Session Fixation Apache DolphinScheduler

Details

Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-613"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2024-02-20T10:15:08Z",
    "github_reviewed_at": "2024-02-21T00:21:28Z"
}

References

Affected packages

Maven / org.apache.dolphinscheduler:dolphinscheduler

Package

Name: org.apache.dolphinscheduler:dolphinscheduler; View open source insights on deps.dev
Purl: pkg:maven/org.apache.dolphinscheduler/dolphinscheduler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.3.8

Fixed

3.2.1

Affected versions

1.*

1.3.8

1.3.9

2.*

2.0.0-alpha

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

3.*

3.0.0-alpha

3.0.0-beta-1

3.0.0-beta-2

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-vjqc-g788-f378/GHSA-vjqc-g788-f378.json"