Apache IoTDB grafana-connector 0.13.0 Auth Bypass Exposes DB Schema
CVE-2022-38370 Published on September 5, 2022

No authorization of DatabaseConnectController in grafana-connector.
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1, which addresses this issue.

NVD


Products Associated with CVE-2022-38370


Affected Versions

Apache Software Foundation Apache IoTDB Version 0.13.0 is affected by CVE-2022-38370

Exploit Probability

EPSS: 0.92%
Percentile: 75.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.