Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization
CVE-2023-24830

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache IoTDB Workbench
Vendor: CVE Published:; 30 January 2023

Summary

An improper authentication vulnerability exists in the iotdb-web-workbench component of Apache IoTDB, affecting versions prior to 0.13.3. This flaw could allow unauthorized users to access restricted areas of the web workbench, potentially exposing sensitive data and resources.

Affected Version(s)

Apache IoTDB Workbench 0.13.0 < 0.13.3

References

https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jan 30, 2023