CVE-2023-24831

CRITICAL9.8EPSS 0.19%

Apache IoTDB Grafana Connector vulnerable to Improper Authentication

發布日:2023/4/17修改日:2024/9/12

描述

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4.

受影響套件(3)

Maven/org.apache.iotdb:iotdb-grafana-connector>= 0.13.0, < 0.13.4
PyPI/apache-iotdb>= 0.13.0, < 0.13.5
PyPI/apache-iotdb>= 0.13.0, < 0.13.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-24831
PATCHhttps://github.com/apache/iotdb
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2023-7.yaml
WEBhttps://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l