You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Jialin Qiao <qi...@apache.org> on 2023/01/30 15:41:45 UTC

CVE-2023-24829: Apache IoTDB: apache/iotdb-web-workbench: forge the JWTToken to access workbench

Description:

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB iotdb-web-workbench.This issue affects users' access to the system without authorization.

This CVE is fixed in iotdb-web-workbench tag v0.13.3.

References:

https://iotdb.apache.org/
https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-24829