GHSA-vjqc-g788-f378
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vjqc-g788-f378
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-vjqc-g788-f378/GHSA-vjqc-g788-f378.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vjqc-g788-f378
- Aliases
- Published
- 2024-02-20T12:31:00Z
- Modified
- 2024-11-30T05:26:37.615764Z
- Summary
- Session Fixation Apache DolphinScheduler
- Details
-
Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change.
Users are recommended to upgrade to version 3.2.1, which fixes this issue.
- Database specific
{ "nvd_published_at": "2024-02-20T10:15:08Z", "cwe_ids": [ "CWE-613" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-21T00:21:28Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-50270
- https://github.com/apache/dolphinscheduler/pull/15219
- https://github.com/apache/dolphinscheduler
- https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
- https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
- https://www.openwall.com/lists/oss-security/2024/02/20/3
- http://www.openwall.com/lists/oss-security/2024/02/20/3
Affected packages
Maven / org.apache.dolphinscheduler:dolphinscheduler
Package
- Name
- org.apache.dolphinscheduler:dolphinscheduler
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.dolphinscheduler/dolphinscheduler