Apache IoTDB Grafana Connector vulnerable to Improper Authentication

GHSA-pvjv-386f-c8wh · CVE-2023-24831 · PYSEC-2023-7

Published Apr 17, 2023 · Modified Sep 12, 2024

Description

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3.

Attackers could log in without authorization. This is fixed in 0.13.4.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-24831
PACKAGE https://github.com/apache/iotdb
WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2023-7.yaml
WEB https://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes