{"schema_version": "1.6.1", "id": "CVE-2023-30771", "summary": "apache/iotdb-web-workbench: forge the JWTToken to access workbench", "details": "Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.\n\nThis problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.13.3"}, {"fixed": "0.13.4"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb"}]}