Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wdmp2LTM4NmYtYzh3aM4AAyz9
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3.
Attackers could log in without authorization. This is fixed in 0.13.4.
Permalink: https://github.com/advisories/GHSA-pvjv-386f-c8whJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wdmp2LTM4NmYtYzh3aM4AAyz9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 6 months ago
Updated: 5 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-pvjv-386f-c8wh, CVE-2023-24831
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-24831
- https://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l
- https://github.com/advisories/GHSA-pvjv-386f-c8wh
Affected Packages
maven:org.apache.iotdb:iotdb-grafana-connector
Versions: >= 0.13.0, < 0.13.4Fixed in: 0.13.4