CVE-2022-38369

Published: Sep 5, 2022
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-38369" target="_blank" rel="noopener"> CVE-2022-38369
GHSA: <a href="https://github.com/advisories/GHSA-g6vm-3ch8-c6jq" target="_blank" rel="noopener"> GHSA-g6vm-3ch8-c6jq
Severity: High
Exploit:

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
apache / iotdb	0.13.0	0.13.0.x
org.apache.iotdb / iotdb-server	-	0.13.1
apache-iotdb	-	0.13.1