← voltar
CVE-2022-38370

No authorization of DatabaseConnectController in grafana-connector.

EPSS 1.1%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 set 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.