← back
CVE-2022-38370

No authorization of DatabaseConnectController in grafana-connector.

EPSS 1.1%
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
Affected products
Apache Software Foundation · Apache IoTDB

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.apache.org/thread/kcpqgstvgf8sxy9ktxm1836nlwc8xy3jhttp://www.openwall.com/lists/oss-security/2022/09/05/2