Lucene search

ApacheCVELIST:CVE-2023-24829

HistoryJan 31, 2023 - 9:22 a.m.

CVE-2023-24829 Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench

2023-01-3109:22:41

CWE-863

apache

www.cve.org

cve-2023-24829

apache iotdb workbench

incorrect authorization

vulnerability

apache software foundation

iotdb

iotdb-web-workbench

forge

jwttoken

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.6%

JSON

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.

This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache IoTDB Workbench",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "0.13.3",
        "status": "affected",
        "version": "0.13.0",
        "versionType": "custom"
      }
    ]
  }
]

References

lists.apache.org/thread/l0b59hh046tyn4gqot0bdrpg8gxlksmo