PT-2023-19810 · Apache · Apache Iotdb

Jialin Qiao

Published

2023-01-30

Updated

2025-03-28

CVE-2023-24830

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 0.13.0 through 0.13.2

Description The issue is related to an Improper Authentication vulnerability in the Apache Software Foundation Apache IoTDB, specifically affecting the iotdb-web-workbench component. This vulnerability may allow unauthorized access.

Recommendations For Apache IoTDB versions 0.13.0 through 0.13.2, update to version 0.13.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the iotdb-web-workbench component until a patch is applied.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2023-24830

GHSA-PP4W-9X82-6R47

PYSEC-2023-6

Affected Products

Apache Iotdb

PT-2023-19810 · Apache · Apache Iotdb

CVE-2023-24830

Weakness Enumeration

Related Identifiers

Affected Products

References · 9