Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.
Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Severity: important
Affected versions:
- Apache DolphinScheduler 138 through 320
Description:
Session Fixation Apache DolphinScheduler before version 320, which session is still valid after the password change
Users are recommended to upgrade to version 321, which fixes this issue
Credit:
lujiefsi (finder)
References:
git ...