PyPI: apache-iotdb
CVE-2023-24831
Safety vulnerability ID: SFTY-20230417-10188
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4.
Overview
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Advisory
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
How to Fix
Upgrade apache-iotdb to 0.13.5 or higher.
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20230417-10188/CVE-2023-24831
- https://nvd.nist.gov/vuln/detail/CVE-2023-24831
- https://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2023-7.yaml
- https://github.com/advisories/GHSA-pvjv-386f-c8wh
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
