Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
https://www.openwall.com/lists/oss-security/2024/02/20/3
https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
https://github.com/apache/dolphinscheduler/pull/15219
Source: Mitre, NVD
Published: 2024-02-20
Updated: 2025-03-18
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: Medium
EPSS: 0.01811