CVE-2023-50270

Published: Feb 20, 2024
Updated: May 4, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-50270" target="_blank" rel="noopener"> CVE-2023-50270
GHSA: <a href="https://github.com/advisories/GHSA-vjqc-g788-f378" target="_blank" rel="noopener"> GHSA-vjqc-g788-f378
Severity: Medium
Exploit:

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

No technical information available.

CWEs:

OWASP TOP 10:

Software	From	Fixed in
org.apache.dolphinscheduler / dolphinscheduler	1.3.8	3.2.1
apache / dolphinscheduler	1.3.8	3.2.1