Apache · Apache DolphinScheduler · CVE-2023-49250
**Name of the Vulnerable Software and Affected Versions**
Apache DolphinScheduler versions prior to 3.2.0
**Description**
The HttpUtils class did not verify certificates, so an attacker can perform a Man-in-the-Middle (MITM) attack on outgoing HTTPS connections and impersonate the server.
**Recommendations**
For versions prior to 3.2.0, upgrade to version 3.2.1, which fixes the issue. As a temporary workaround, consider restricting outgoing HTTPS connections to trusted servers to minimize the risk of exploitation.
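
The missing certificate verification described above is a common Java bug class. The following is an added illustration, not DolphinScheduler's HttpUtils code: it uses only the JDK's `javax.net.ssl` API, and the class and method names (`TlsVerificationExample`, `trustAllManagers`, `defaultManagers`, `openVerified`) are hypothetical. It places the accept-everything trust manager to look for in code review beside a client that validates against the JVM's default trust store.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TlsVerificationExample {

    // INSECURE pattern: the empty check methods never throw, so every
    // certificate chain is accepted and any interceptor can pose as the server.
    static TrustManager[] trustAllManagers() {
        return new TrustManager[] { new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
    }

    // Verified form: trust managers backed by the JVM's default CA store.
    static TrustManager[] defaultManagers() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store (cacerts)
        return tmf.getTrustManagers();
    }

    // Prepares an HTTPS connection that validates the chain and, because no
    // custom HostnameVerifier is installed, also checks the host name.
    static HttpsURLConnection openVerified(String url) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, defaultManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(5000);
        return conn; // nothing is sent until the caller connects or reads
    }

    // Offline check: prints how many CAs the verified configuration trusts.
    public static void main(String[] args) throws Exception {
        for (TrustManager tm : defaultManagers()) {
            if (tm instanceof X509TrustManager) {
                int n = ((X509TrustManager) tm).getAcceptedIssuers().length;
                System.out.println("default trust store CAs: " + n);
            }
        }
    }
}
```

When auditing a code base for this class of bug, search for `X509TrustManager` implementations with empty `checkServerTrusted` bodies and for hostname verifiers that always return `true`.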