Lucene search

[email protected]CVE-2023-30771

HistoryApr 17, 2023 - 8:15 a.m.

CVE-2023-30771

2023-04-1708:15:07

CWE-863

[email protected]

web.nvd.nist.gov

cve-2023-30771

apache

iotdb

authorization

vulnerability

nvd

security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.082 Low

EPSS

Percentile

94.4%

JSON

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.

This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

Affected configurations

Vulners

NVD

Node

apacheiotdb_web_workbenchRange≤0.13.4

CPENameOperatorVersion
apache:iotdb_web_workbenchapache iotdb web workbencheq0.13.3

CPE	Name	Operator	Version
apache:iotdb_web_workbench	apache iotdb web workbench	eq	0.13.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache IoTDB Workbench",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "0.13.4",
        "status": "affected",
        "version": "0.13.3",
        "versionType": "custom"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2023/04/18/7

lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.082 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2023-30771

prion1 cvelist1 osv2 nvd1