Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.
This issue affects Apache DolphinScheduler: before 3.2.0.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVSS
No CVSS.
References
Configurations
No configuration.
History
20 Feb 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Feb 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-20 10:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-49250
Mitre link : CVE-2023-49250
CVE.ORG link : CVE-2023-49250
JSON object : View
Products Affected
No product.
CWE
CWE-295
Improper Certificate Validation