oss-sec mailing list archives

CVE-2023-24829: Apache IoTDB: apache/iotdb-web-workbench: forge the JWTToken to access workbench


From: Jialin Qiao <qiaojialin () apache org>
Date: Mon, 30 Jan 2023 15:41:45 +0000

Description:

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB iotdb-web-workbench. This issue affects
users' access to the system without authorization.

This CVE is fixed in iotdb-web-workbench tag v0.13.3.

References:

https://iotdb.apache.org/
https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-24829

