178 matches found
CVE-2025-26864 Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...
CVE-2025-26795 Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and...
CVE-2025-26795
CVE-2025-26795 affects Apache IoTDB JDBC driver (iotdb-jdbc) versions 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. Root cause: insertion of sensitive information into log files, leading to exposure to unauthorized actors. Impact is High confidentiality (C:H, I/N/A:N). Affected component is iotdb-jdb...
CVE-2024-24780
CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...
CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. An attacker who has the privilege to create UDFs can register a malicious function from an untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...
PT-2025-21136 · Apache · Iotdb-Jdbc
Name of the Vulnerable Software and Affected Versions: iotdb-jdbc versions 0.10.0 through 1.3.3; iotdb-jdbc versions 2.0.1-beta through 2.0.2. Description: The issue is related to the exposure of sensitive information to an unauthorized actor and the insertion of sensitive information into log file...
PT-2025-21137 · Apache · Apache Iotdb
Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 0.10.0 through 1.3.3; Apache IoTDB versions 2.0.1-beta through 2.0.2. Description: The issue is related to the exposure of sensitive information to an unauthorized actor and the insertion of sensitive information into log...
Apache IoTDB Log Information Disclosure Vulnerability
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache USA Foundation that provides data collection, storage, and analysis services, among other things. A log information disclosure vulnerability exists in Apache IoTDB versions 0.10.0 through 1.3.3 and...
CVE-2023-51656
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2023-46226
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue...
CVE-2023-30771
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
Apache IoTDB Server-Side Request Forgery Vulnerability
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache USA Foundation, which provides data collection, storage, and analysis services, among other things. Apache IoTDB suffers from a server-side request forgery vulnerability that stems from the product'...
CVE-2024-36448
Apache IoTDB Workbench is affected by a Server-Side Request Forgery (SSRF) vulnerability. Affects versions 0.13.0 and later; attackers can access the local network. The project is retired and no fix will be released; users should restrict access to trusted users or seek alternatives as a temporar...
CVE-2024-36448 Apache IoTDB Workbench: SSRF Vulnerability (EOL)
UNSUPPORTED WHEN ASSIGNED Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restri...
Remote Code Execution
Apache IoTDB is vulnerable to Remote Code Execution. The vulnerability is due to the UDF component, which allows an attacker to execute arbitrary code...
GHSA-RXGG-273W-RFW7 Remote Code Execution vulnerability in Apache IoTDB via UDF
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue...