Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-muzv-ckv6-rkfs
Vulnerability ID VCID-muzv-ckv6-rkfs
Aliases CVE-2023-24830
GHSA-pp4w-9x82-6r47
PYSEC-2023-6
Summary Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-287 Improper Authentication
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.01536 https://api.first.org/data/v1/epss?cve=CVE-2023-24830
epss 0.01536 https://api.first.org/data/v1/epss?cve=CVE-2023-24830
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-pp4w-9x82-6r47
cvssv3.1 7.5 https://github.com/apache/iotdb
generic_textual HIGH https://github.com/apache/iotdb
cvssv3.1 7.5 https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv400915t
generic_textual HIGH https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv400915t
ssvc Track https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv400915t
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-24830
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-24830
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-24830
https://github.com/apache/iotdb
https://nvd.nist.gov/vuln/detail/CVE-2023-24830
GHSA-pp4w-9x82-6r47 https://github.com/advisories/GHSA-pp4w-9x82-6r47
l4fon37687jz5ohgsnz2ko9fv400915t https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv400915t
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/iotdb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv400915t
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:24:29Z/ Found at https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv400915t
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-24830
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81749
EPSS Score 0.01536
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:29:14.225726+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/24xxx/CVE-2023-24830.json 38.6.0