Lucene search

[email protected]NVD:CVE-2024-36448

HistoryAug 05, 2024 - 10:15 a.m.

CVE-2024-36448

2024-08-0510:15:32

CWE-918

[email protected]

web.nvd.nist.gov

apache

iotdb

workbench

0.13.0

server-side request forgery

vulnerability

retired project

unsupported

trusted users

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

27.5%

JSON

UNSUPPORTED WHEN ASSIGNED Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.

This issue affects Apache IoTDB Workbench: from 0.13.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected configurations

Nvd

Node

apacheiotdb_workbenchRange0.13.0≥

VendorProductVersionCPE
apacheiotdb_workbench*cpe:2.3:a:apache:iotdb_workbench:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	iotdb_workbench	*	cpe:2.3:a:apache:iotdb_workbench::::::::

References

lists.apache.org/thread/d19p0vsm7nogp43q9m3tzm5jl6mzjj1x

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

27.5%

JSON

Related for NVD:CVE-2024-36448

vulnrichment1 cvelist1 cve1