Lucene search
GitHub Advisory DatabaseGHSA-G6VM-3CH8-C6JQHistorySep 06, 2022 - 12:00 a.m.
Apache IoTDB Session Fixation vulnerability
2022-09-0600:00:27
CWE-384
GitHub Advisory Database
github.com
15
apache iotdb
session fixation
vulnerability
upgrade
software
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.016 Low
EPSS
Percentile
87.6%
Apache IoTDB version 0.13.0 is vulnerable to session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
Affected configurations
Node
apacheiotdbRange<0.13.1
ORorg.apache.iotdb\iotdbMatchserver
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache-iotdb | lt | 0.13.1 | |
| org.apache.iotdb:iotdb-server | lt | 0.13.1 |
Related
cve
cve
CVE-2022-38369
2022-09-05 10:15:09
veracode
veracode
Insecure Session Management
2022-09-06 11:15:15
cnvd
cnvd
Apache IoTDB Licensing Issue Vulnerability (CNVD-2022-69472)
2022-09-16 00:00:00
prion
prion
Session fixation
2022-09-05 10:15:00
nvd
nvd
CVE-2022-38369
2022-09-05 10:15:09
osv
osv
Apache IoTDB Session Fixation vulnerability
2022-09-06 00:00:27
cvelist
cvelist
CVE-2022-38369 Login check vulnerability by session Id
2022-09-05 09:50:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.016 Low
EPSS
Percentile
87.6%
Related for GHSA-G6VM-3CH8-C6JQ