Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wdmp2LTM4NmYtYzh3aM4AAyz9
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3.
Attackers could log in without authorization. This is fixed in 0.13.4.
Permalink: https://github.com/advisories/GHSA-pvjv-386f-c8whJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wdmp2LTM4NmYtYzh3aM4AAyz9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-pvjv-386f-c8wh, CVE-2023-24831
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-24831
- https://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l
- https://github.com/advisories/GHSA-pvjv-386f-c8wh
Affected Packages
maven:org.apache.iotdb:iotdb-grafana-connector
Dependent packages: 1Dependent repositories: 71
Downloads:
Affected Version Ranges: >= 0.13.0, < 0.13.4
Fixed in: 0.13.4
All affected versions: 0.13.0, 0.13.1, 0.13.2, 0.13.3
All unaffected versions: 0.13.4, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1