CVE-2023-24831

CWE-287 — Improper Authentication5 documents4 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 70.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Iotdb Apache Iotdb

Timeline

PublishedApr 17

Description

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶Mavenorg.apache.iotdb:iotdb-grafana-connector0.13.0 — 0.13.4

▶CVEListV5apache_software_foundation/apache_iotdb0.13.0 — 0.13.3

▶PyPIapache-iotdb0.13.0 — 0.13.5

▶NVDapache/iotdb0.13.0 — 0.13.3

🔴Vulnerability Details

OSV

CVE-2023-24831: Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB↗2023-04-17

▶

CVEList

Apache IoTDB grafana-connector Login Bypass Vulnerability↗2023-04-17

▶

OSV

Apache IoTDB Grafana Connector vulnerable to Improper Authentication↗2023-04-17

▶

GHSA

Apache IoTDB Grafana Connector vulnerable to Improper Authentication↗2023-04-17

▶