CVE-2023-24831 – apache-iotdb

Package

Manager: pip
Name: apache-iotdb
Vulnerable Version: >=0.13.0 <0.13.5

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00123 pctl0.32218

Details

Apache IoTDB Grafana Connector vulnerable to Improper Authentication Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4.

Metadata

Created: 2023-04-17T09:30:24Z
Modified: 2024-09-12T19:12:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-pvjv-386f-c8wh/GHSA-pvjv-386f-c8wh.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-pvjv-386f-c8wh
Finding: F039
Auto approve: 1