Unverified Certificate Vulnerability in Apache DolphinScheduler

Unverified Certificate Vulnerability in Apache DolphinScheduler

CVE-2023-49250 · Severity

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.

Learn more about our Cis Benchmark Audit For Apache Http Server.