GHSA-5fc3-pqf2-57cx

Source

https://github.com/advisories/GHSA-5fc3-pqf2-57cx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-5fc3-pqf2-57cx/GHSA-5fc3-pqf2-57cx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5fc3-pqf2-57cx

Aliases

Published

2025-05-14T12:31:11Z

Modified

2025-07-02T14:56:54.527703Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N CVSS Calculator

Summary

Apache IoTDB Discloses Sensitive Information via Log Files

Details

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.

This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.

Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed_at": "2025-05-15T17:21:23Z",
    "nvd_published_at": "2025-05-14T11:16:28Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Maven / org.apache.iotdb:node-commons

Package

Name: org.apache.iotdb:node-commons; View open source insights on deps.dev
Purl: pkg:maven/org.apache.iotdb/node-commons

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.10.0

Fixed

1.3.4

Affected versions

0.*

0.14.0-preview1

0.14.0-preview2

0.14.0-preview3

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

1.2.2

1.3.0

1.3.1

1.3.2

1.3.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-5fc3-pqf2-57cx/GHSA-5fc3-pqf2-57cx.json"

Maven / org.apache.iotdb:node-commons

Package

Name: org.apache.iotdb:node-commons; View open source insights on deps.dev
Purl: pkg:maven/org.apache.iotdb/node-commons

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.1-beta

Fixed

2.0.2

Affected versions

2.*

2.0.1-beta

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-5fc3-pqf2-57cx/GHSA-5fc3-pqf2-57cx.json"

PyPI / apache-iotdb

Package

Name: apache-iotdb; View open source insights on deps.dev
Purl: pkg:pypi/apache-iotdb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.10.0

Fixed

1.3.4

Affected versions

0.*

0.10.0

0.10.1

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

0.12.0

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.12.6

0.13.0

0.13.0.post1

0.13.1

0.13.2

0.13.3

0.13.5

0.13.5.1

0.14.0rc1

1.*

1.0.0

1.0.1

1.1.0

1.1.2

1.2.0

1.2.1

1.3.0

1.3.2

1.3.2.post0

1.3.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-5fc3-pqf2-57cx/GHSA-5fc3-pqf2-57cx.json"

PyPI / apache-iotdb

Package

Name: apache-iotdb; View open source insights on deps.dev
Purl: pkg:pypi/apache-iotdb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.1b0

Fixed

2.0.2

Affected versions

2.*

2.0.1b0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-5fc3-pqf2-57cx/GHSA-5fc3-pqf2-57cx.json"