GHSA-5fc3-pqf2-57cx

Source
https://github.com/advisories/GHSA-5fc3-pqf2-57cx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-5fc3-pqf2-57cx/GHSA-5fc3-pqf2-57cx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5fc3-pqf2-57cx
Aliases
  • CVE-2025-26864
Published
2025-05-14T12:31:11Z
Modified
2025-05-15T18:42:12.654521Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Summary
Apache IoTDB Discloses Sensitive Information via Log Files
Details

An Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information into Log File vulnerability exists in the OpenIdAuthorizer of Apache IoTDB.

This issue affects Apache IoTDB from 0.10.0 through 1.3.3, and from 2.0.1-beta before 2.0.2.

Users are advised to upgrade to versions 1.3.4 and 2.0.2, which fix the issue.

Database specific
{
    "nvd_published_at": "2025-05-14T11:16:28Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-15T17:21:23Z"
}

Affected packages

Maven / org.apache.iotdb:node-commons

Package

Name
org.apache.iotdb:node-commons
Purl
pkg:maven/org.apache.iotdb/node-commons

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.10.0
Fixed
1.3.4

Affected versions

0.*

0.14.0-preview1
0.14.0-preview2
0.14.0-preview3

1.*

1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.3.3

Maven / org.apache.iotdb:node-commons

Package

Name
org.apache.iotdb:node-commons
Purl
pkg:maven/org.apache.iotdb/node-commons

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.1-beta
Fixed
2.0.2

Affected versions

2.*

2.0.1-beta