Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-49250

Published: 20/02/2024 Updated: 20/02/2024

Vulnerability Summary

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: prior to 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.

References

CWE-295https://github.com/apache/dolphinscheduler/pull/15288https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qnhttp://www.openwall.com/lists/oss-security/2024/02/20/1https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook