CVE-2023-24831: Apache IoTDB Grafana Connector vulnerable to Improper Authentication

April 17, 2023 (updated September 12, 2024)

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3.

Attackers could log in without authorization. This is fixed in 0.13.4.

References

github.com/advisories/GHSA-pvjv-386f-c8wh
github.com/apache/iotdb
github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2023-7.yaml
lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l
nvd.nist.gov/vuln/detail/CVE-2023-24831

Code Behaviors & Features

Detect and mitigate CVE-2023-24831 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →