Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-06547
HistoryNov 19, 2020 - 12:00 a.m.

InfluxDB authentication bypass vulnerability

2020-11-1900:00:00
China National Vulnerability Database
www.cnvd.org.cn
9

EPSS

0.042

Percentile

92.3%

InfluxDB is an open source temporal database developed by InfluxData. An authentication bypass vulnerability exists in the authenticate function in services/httpd/handler.go in versions prior to InfluxDB 1.7.6. The vulnerability stems from the fact that JWT tokens may have an empty SharedSecret. An attacker could use this vulnerability to bypass authentication.