You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@iotdb.apache.org by Jialin Qiao <qi...@apache.org> on 2023/04/16 02:48:14 UTC

CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench

Severity: low

Description:

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.

This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-30771