UNSUPPORTED: Apache IoTDB Workbench SVRF Vulnerability Affects Retired Product
CVE-2024-36448
7.3HIGH
What is CVE-2024-36448?
A Server-Side Request Forgery (SSRF) vulnerability exists in the Apache IoTDB Workbench, specifically beginning from version 0.13.0. This issue arises due to a lack of adequate input validation, permitting attackers to craft requests to internal systems and potentially expose sensitive information. As Apache IoTDB Workbench is an unsupported project, no patches or updates are planned to mitigate this vulnerability. Users are advised to either seek alternative solutions or enforce strict access controls to limit exposure to trusted users only.
Affected Version(s)
Apache IoTDB Workbench 0.13.0