exploitDog

CVE-2023-30771

Опубликовано: 17 апр. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.

This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

Ссылки

http://www.openwall.com/lists/oss-security/2023/04/18/7
Mailing List
https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/04/18/7
Mailing List
https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:iotdb_web_workbench:0.13.3:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00326

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-787r-6wxc-cg5f

CVSS3: 9.8

github

почти 3 года назад

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

EPSS

Процентиль: 55%

0.00326

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863