oss-sec mailing list archives

CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench

From: Jialin Qiao <qiaojialin () apache org>
Date: Sun, 16 Apr 2023 02:48:14 +0000

Severity: low

Description:

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the 
iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console 
of the database.

This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-30771

Current thread:

CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao (Apr 16)
- Re: CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Seth Arnold (Apr 17)