CVE-2022-38370

CWE-862 — Missing Authorization4 documents4 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Iotdb Apache Iotdb

Timeline

PublishedSep 5

Latest updateSep 6

Description

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.iotdb:iotdb-grafana-connector< 0.13.1

▶NVDapache/iotdb0.13.0

▶CVEListV5apache_software_foundation/apache_iotdb0.13.0

🔴Vulnerability Details

OSV

Apache IoTDB grafana-connector contains an interface without authorization↗2022-09-06

▶

GHSA

Apache IoTDB grafana-connector contains an interface without authorization↗2022-09-06

▶

CVEList

No authorization of DatabaseConnectController in grafana-connector.↗2022-09-05

▶