Apache IoTDB could allow a remote attacker to obtain sensitive information, caused by improper authorization validation in the grafana-connector interface. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain internal structure information and use it to launch further attacks against the affected system.
Apache IoTDB could allow a remote attacker to hijack a user’s session. By persuading a victim to click on a specially crafted Web site, an attacker could exploit this vulnerability to gain access to another user’s session.
Apache IoTDB 0.13.0
Upgrade to the latest version of Apache IoTDB, available from the Apache Web site.