{"schema_version": "1.6.1", "id": "CVE-2023-24829", "summary": "apache/iotdb-web-workbench: forge the JWTToken to access workbench", "details": "Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.\n\nThis problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.\n\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.13.0"}, {"fixed": "0.13.3"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/l0b59hh046tyn4gqot0bdrpg8gxlksmo"}]}