Lucene search

[email protected]NVD:CVE-2023-24831

HistoryApr 17, 2023 - 7:15 a.m.

CVE-2023-24831

2023-04-1707:15:07

CWE-287

[email protected]

web.nvd.nist.gov

apache iotdb

grafana connector

improper authentication

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3.

Attackers could login without authorization. This is fixed in 0.13.4.

Affected configurations

NVD

Node

apacheiotdbRange0.13.0–0.13.3

References

lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for NVD:CVE-2023-24831

cvelist1 veracode1 github1 cve1 osv2 prion1