178 matches found
iotdb-session-0-10-1 (>=0.1.0 <=0.1.5) potentially affected by CVE-2022-38369 via apache-iotdb (=0.10.1)
apache-iotdb PYPI version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted:
- iotdb-session-0-10-1 =0.1.0, =0.1.5
Source cves: CVE-2022-38369
Source advisory: OSV:GHSA-G6VM-3CH8-C6JQ...
CVE-2022-38369
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
CVE-2022-38369
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
CVE-2022-38370
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...
PYSEC-2022-43069
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
PYSEC-2022-43069
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
iotdb-session-0-10-1 (>=0.1.0 <=0.1.5) potentially affected by CVE-2022-38369 via apache-iotdb (=0.10.1)
apache-iotdb PYPI version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted:
- iotdb-session-0-10-1 =0.1.0, =0.1.5
Source cves: CVE-2022-38369
Source advisory: OSV:PYSEC-2022-43069...
PYSEC-2022-43070
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...
CVE-2022-38370 No authorization of DatabaseConnectController in grafana-connector.
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...
CVE-2022-38369 Login check vulnerability by session Id
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
PT-2022-24391 · Apache · Apache Iotdb
Name of the Vulnerable Software and Affected Versions: Apache IoTDB version 0.13.0
Description: The issue is related to a session id attack. Users should upgrade to version 0.13.1 to address this issue.
Recommendations: For Apache IoTDB version 0.13.0, upgrade to version 0.13.1 to resolve the iss...
PT-2022-24393 · Apache · Apache Iotdb Grafana-Connector
Name of the Vulnerable Software and Affected Versions: Apache IoTDB grafana-connector version 0.13.0
Description: The issue is related to an interface without authorization in the Apache IoTDB grafana-connector, which may expose the internal structure of a database.
Recommendations: For Apache...
Apache IoTDB Authorization Issue Vulnerability
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache Foundation that provides data collection, storage, and analysis services, etc. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0, which stems from vulnerability to session i...
GHSA-WC6F-CJCP-CC33 Improper Certificate Validation in Apache IoTDB
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...
Improper Certificate Validation in Apache IoTDB
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...
CVE-2020-1952
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...
CVE-2020-1952
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...
Code injection
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...