CVE-2022-38370
No authorization of DatabaseConnectController in grafana-connector.
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
05 sep 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
Productos afectados
Apache Software Foundation · Apache IoTDB