UNSUPPORTED: Apache IoTDB Workbench SVRF Vulnerability Affects Retired Product
CVE-2024-36448

7.3HIGH

Key Information:

Vendor: Apache
Status: Apache Iotdb Workbench
Vendor: CVE Published:; 5 August 2024

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the Apache IoTDB Workbench, specifically beginning from version 0.13.0. This issue arises due to a lack of adequate input validation, permitting attackers to craft requests to internal systems and potentially expose sensitive information. As Apache IoTDB Workbench is an unsupported project, no patches or updates are planned to mitigate this vulnerability. Users are advised to either seek alternative solutions or enforce strict access controls to limit exposure to trusted users only.

Affected Version(s)

Apache IoTDB Workbench 0.13.0

References

https://lists.apache.org/thread/d19p0vsm7nogp43q9m3tzm5jl...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2024
Vulnerability Reserved
May 28, 2024

Credit

L0ne1y