CVE-2023-30771

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 49.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Iotdb Workbench Apache Iotdb WEB Workbench

Timeline

PublishedApr 17

Description

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5apache_software_foundation/apache_iotdb_workbench0.13.3 — 0.13.4

▶NVDapache/iotdb_web_workbench0.13.3

🔴Vulnerability Details

GHSA

GHSA-787r-6wxc-cg5f: Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB↗2023-04-17

▶

CVEList

Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench↗2023-04-17

▶

OSV

CVE-2023-30771: Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB↗2023-04-17

▶