Lucene search
HistorySep 05, 2022 - 10:15 a.m.
CVE-2022-38370
apache
iotdb
grafana-connector
v0.13.0
security
cve-2022-38370
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
47.7%
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
Affected configurations
Node
apacheiotdbRangeβ€0.13.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:iotdb | apache iotdb | eq | 0.13.0 |
CNA Affected
[
{
"product": "Apache IoTDB",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.13.0"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
github
github
Apache IoTDB grafana-connector contains an interface without authorization
2022-09-06 00:00:27
cnvd
cnvd
Apache IoTDB Access Control Error Vulnerability
2022-09-07 00:00:00
veracode
veracode
Authorization Bypass
2022-09-06 03:54:14
prion
prion
Authorization
2022-09-05 10:15:00
nvd
nvd
CVE-2022-38370
2022-09-05 10:15:09
osv
osv
Apache IoTDB grafana-connector contains an interface without authorization
2022-09-06 00:00:27
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
47.7%
Related for CVE-2022-38370