Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
CVE-2023-30771
9.8CRITICAL
What is CVE-2023-30771?
An incorrect authorization vulnerability exists in the iotdb-web-workbench component of Apache IoTDB, affecting version 0.13.3. This component serves as a web console for database management but lacks proper authorization checks, potentially allowing unauthorized users to access secured functions. Users are advised to upgrade to version 0.13.4 or later to mitigate this security risk.
Affected Version(s)
Apache IoTDB Workbench 0.13.3 < 0.13.4