{"id":"CVE-2023-50270","details":"Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.","aliases":["GHSA-vjqc-g788-f378"],"modified":"2026-04-12T09:36:42.592674Z","published":"2024-02-20T10:15:08.140Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2024/02/20/3"},{"type":"FIX","url":"https://github.com/apache/dolphinscheduler/pull/15219"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/dolphinscheduler","events":[{"introduced":"cacf0ca080c7e7dab9f78031e665024bbce8776d"},{"fixed":"8a4f111fd4e0173e25d2fd56cbbfff893d4c690d"}],"database_specific":{"extracted_events":[{"introduced":"1.3.8"},{"fixed":"3.2.1"}],"cpe":"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50270.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}