Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.
This issue affects Apache DolphinScheduler: before 3.2.0.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 29 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache dolphinscheduler |
|
CPEs | cpe:2.3:a:apache:dolphinscheduler:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:apache:dolphinscheduler:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:apache:dolphinscheduler:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:dolphinscheduler:1.3.9:*:*:*:*:*:*:* cpe:2.3:a:apache:dolphinscheduler:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:apache:dolphinscheduler:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:apache:dolphinscheduler:3.1.9:*:*:*:*:*:*:* cpe:2.3:a:apache:dolphinscheduler:3.2.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Apache
Apache dolphinscheduler |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-02-20T10:00:06.733Z
Updated: 2024-11-29T15:29:23.802Z
Reserved: 2023-11-24T11:02:09.324Z
Link: CVE-2023-49250
Vulnrichment
Updated: 2024-08-02T21:53:44.724Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T10:15:08.040
Modified: 2024-11-29T16:15:07.953
Link: CVE-2023-49250
Redhat
No data.