Moderate severityNVD Advisory· Updated Aug 3, 2024
Login check vulnerability by session Id
CVE-2022-38369
Description
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.iotdb:iotdb-serverMaven | < 0.13.1 | 0.13.1 |
apache-iotdbPyPI | < 0.13.1 | 0.13.1 |
Affected products
1- Apache Software Foundation/Apache IoTDBv5Range: 0.13.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-g6vm-3ch8-c6jqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-38369ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/09/05/1ghsamailing-listx_refsource_MLISTWEB
- github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2022-43069.yamlghsaWEB
- lists.apache.org/thread/7nk03ywvx3t3yjbcxzt7zy4nyc89y9b0ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.