oss-sec mailing list archives
CVE-2022-38370: Apache IoTDB: No authorization of DatabaseConnectController in grafana-connector.
From: Haonan Hou <haonan () apache org>
Date: Mon, 05 Sep 2022 08:42:49 +0000
Description: Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
Current thread:
- CVE-2022-38370: Apache IoTDB: No authorization of DatabaseConnectController in grafana-connector. Haonan Hou (Sep 05)