CVE-2023-50270

CVE-2023-50270: Apache DolphinScheduler: Session do not expire after password change

Vendor Apache Software Foundation

Product Apache DolphinScheduler

Weakness CWE-613 · Insufficient session expiration

Published February 20, 2024

Last update August 29, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Key dates

Disclosure timeline

February 20, 2024 CVE published

August 29, 2024 Record updated