PT-2025-21137 · Apache · Apache Iotdb

Kyler Katz · Published 2025-05-14 · Updated 2025-05-15 · CVE-2025-26864

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 0.10.0 through 1.3.3; Apache IoTDB versions 2.0.1-beta through 2.0.2

Description: This issue involves the exposure of sensitive information to an unauthorized actor and the insertion of sensitive information into log files in the OpenIdAuthorizer of Apache IoTDB.

Recommendations: For Apache IoTDB versions 0.10.0 through 1.3.3, upgrade to version 1.3.4. For Apache IoTDB versions 2.0.1-beta through 2.0.2, upgrade to version 2.0.2.

Fix

Information Disclosure

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2025-26864
GHSA-5FC3-PQF2-57CX
PYSEC-2025-60

Affected Products

Apache Iotdb