CVE-2023-24829: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
First published: Tue Jan 31 2023(Updated: )
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache IoTDB | >=0.13.0<0.13.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-24829.
What is the severity of CVE-2023-24829?
The severity of CVE-2023-24829 is high (8.8).
Which component is affected by this vulnerability?
The iotdb-web-workbench component from Apache IoTDB is affected by this vulnerability.
What is the affected version range of iotdb-web-workbench?
The affected version range of iotdb-web-workbench is from 0.13.0 to 0.13.3 (inclusive).
How can I fix this vulnerability?
You can fix this vulnerability by updating the iotdb-web-workbench component to version 0.13.3 or later.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/apache
- canonical/apache iotdb
- version/apache iotdb/0.13.0