CVE-2023-50270 Information

Description

Session Fixation Apache DolphinScheduler before version 3.2.0 which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1 which fixes this issue.

Reference

https://github.com/apache/dolphinscheduler/pull/15219 https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6 http://www.openwall.com/lists/oss-security/2024/02/20/3