Apache Software Foundation Apache Iotdb Workbench vulnerabilities

CVE-2024-36448 [HIGH] CWE-918 CVE-2024-36448: ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Wor ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. N

CVE-2023-30771 [CRITICAL] CWE-863 CVE-2023-30771: Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

CVE-2023-24829 [HIGH] CWE-863 CVE-2023-24829: Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

CVE-2023-24830 [HIGH] CWE-287 CVE-2023-24830: Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.