CVE-2023-24831

CRITICAL9.8EPSS 0.19%

Apache IoTDB Grafana Connector vulnerable to Improper Authentication

Published: 4/17/2023Modified: 9/12/2024

Description

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4.

Affected packages (3)

Maven/org.apache.iotdb:iotdb-grafana-connector>= 0.13.0, < 0.13.4
PyPI/apache-iotdb>= 0.13.0, < 0.13.5
PyPI/apache-iotdb>= 0.13.0, < 0.13.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-24831
PATCHhttps://github.com/apache/iotdb
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2023-7.yaml
WEBhttps://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l