oss-sec mailing list archives
CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
From: Jialin Qiao <qiaojialin () apache org>
Date: Sun, 16 Apr 2023 02:48:14 +0000
Severity: low Description: Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards. References: https://iotdb.apache.org https://www.cve.org/CVERecord?id=CVE-2023-30771
Current thread:
- CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao (Apr 16)