CVE-2023-24829

CVE-2023-24829: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench

Vendor Apache Software Foundation

Product Apache IoTDB Workbench

Weakness CWE-863 · Incorrect authorization

Published January 31, 2023

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

Key dates

Disclosure timeline

January 31, 2023 CVE published

March 27, 2025 Record updated