oss-sec mailing list archives

CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability

From: Jialin Qiao <qiaojialin () apache org>
Date: Sun, 16 Apr 2023 04:47:12 +0000

Severity: low

Description:

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB 
Grafana Connector: from 0.13.0 through 0.13.3.

Attackers could login without authorization. This is fixed in 0.13.4.

References:

https://iotdb.apache.org/
https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-24831

Current thread:

CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability Jialin Qiao (Apr 16)