CVE-2022-38370

HIGH

Apache IoTDB grafana-connector <0.13.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.

References (2)

Core 2
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/kcpqgstvgf8sxy9ktxm1836nlwc8xy3j
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/09/05/2

Scores

CVSS v3 7.5
EPSS 0.0092
EPSS Percentile 76.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (2)
apache/iotdb 0.13.0
org.apache.iotdb/iotdb-grafana-connector 0 - 0.13.1Maven
Published Sep 05, 2022
Tracked Since Feb 18, 2026