Unverified Certificate Vulnerability in Apache DolphinScheduler
CVE-2023-49250 · Severity
Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
Learn more about our Cis Benchmark Audit For Apache Http Server.