Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.
This issue affects Apache DolphinScheduler: before 3.2.0.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVSS
No CVSS.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2024-02-20T10:00:06.733Z
Updated: 2024-02-20T10:00:06.733Z
Reserved: 2023-11-24T11:02:09.324Z
Link: CVE-2023-49250
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-02-20T10:15:08.040
Modified: 2024-02-20T19:50:53.960
Link: CVE-2023-49250
JSON object: View
Redhat Information
No data.
CWE