PYSEC-2023-7

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-7.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2023-7

Aliases

CVE-2023-24831
GHSA-pvjv-386f-c8wh

Published

2023-04-17T07:15:00Z

Modified

2023-11-01T05:01:19.857762Z

Summary

[none]

Details

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3.

Attackers could login without authorization. This is fixed in 0.13.4.

References

https://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l

Affected packages

PyPI / apache-iotdb

Package

Name: apache-iotdb; View open source insights on deps.dev
Purl: pkg:pypi/apache-iotdb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.13.0

Fixed

0.13.5

Affected versions

0.*

0.13.0

0.13.0.post1

0.13.1

0.13.2

0.13.3

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-7.yaml"