CVE-2022-38370
No authorization of DatabaseConnectController in grafana-connector.
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
05 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
Affected products
Apache Software Foundation · Apache IoTDB