Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
History

Fri, 29 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache dolphinscheduler
CPEs cpe:2.3:a:apache:dolphinscheduler:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:dolphinscheduler:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:dolphinscheduler:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:dolphinscheduler:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:dolphinscheduler:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:dolphinscheduler:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:dolphinscheduler:3.1.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:dolphinscheduler:3.2.0:*:*:*:*:*:*:*
Vendors & Products Apache
Apache dolphinscheduler
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-02-20T10:00:06.733Z

Updated: 2024-11-29T15:29:23.802Z

Reserved: 2023-11-24T11:02:09.324Z

Link: CVE-2023-49250

cve-icon Vulnrichment

Updated: 2024-08-02T21:53:44.724Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-20T10:15:08.040

Modified: 2024-11-29T16:15:07.953

Link: CVE-2023-49250

cve-icon Redhat

No data.