Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2019-20933
HistoryNov 20, 2020 - 6:22 p.m.

CVE-2019-20933

2020-11-2018:22:58
redhat.com
access.redhat.com
12
influxdb
authentication bypass
jwt
escalating privileges
security flaw

EPSS

0.069

Percentile

94.1%

JSON

An authentication bypass vulnerability was found in InfluxDB. By default, when using JWT authentication, InfluxDB does not generate a signing secret or state in the documentation that a JWT secret must be generated. If InfluxDB is left in the default state, this flaw allows an attacker to generate their own JWT token and log into the InfluxDBinstance, potentially escalating privileges and gaining access to sensitive information.

Mitigation

For versions before 1.7.6, as per the documentation updated by influxdb, ensure that a default shared-secret has be defined when enabling JWT authentication:

<https://docs.influxdata.com/influxdb/v1.8/administration/authentication_and_authorization/#1-add-a-shared-secret-in-your-influxdb-configuration-file&gt;

Versions including the fix will return an error if the secret is left empty.

Related

nessus 6
githubexploit 2
debiancve 1
osv 6
veracode 1
cve 1
ubuntu 1
openvas 3
cvelist 1
photon 5
cnvd 1
nuclei 1
debian 2
prion 1
github 1
ubuntucve 1
nvd 1
nessus
nessus
Photon OS 3.0: Influxdb PHSA-2020-3.0-0172
2020-12-10 00:00:00
Photon OS 2.0: Influxdb PHSA-2021-2.0-0308
2021-01-13 00:00:00
Debian DLA-2501-1 : influxdb security update
2020-12-21 00:00:00
githubexploit
githubexploit
Exploit for Improper Authentication in Influxdata Influxdb
2021-04-28 16:25:31
Exploit for Improper Authentication in Influxdata Influxdb
2021-07-24 11:12:13
debiancve
debiancve
CVE-2019-20933
2020-11-19 02:15:11
osv
osv
influxdb - security update
2021-01-01 00:00:00
influxdb - security update
2020-12-20 00:00:00
CVE-2019-20933
2020-11-19 02:15:11
veracode
veracode
Authentication Bypass
2019-04-05 02:59:11
cve
cve
CVE-2019-20933
2020-11-19 02:15:11
ubuntu
ubuntu
InfluxDB vulnerability
2022-05-31 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2501-1)
2020-12-21 00:00:00
Debian: Security Advisory (DSA-4823-1)
2021-01-03 00:00:00
Ubuntu: Security Advisory (USN-5451-1)
2022-06-02 00:00:00
cvelist
cvelist
CVE-2019-20933
2020-11-19 01:50:50
photon
photon
Critical Photon OS Security Update - PHSA-2020-0172
2020-12-07 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0172
2020-12-07 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0308
2021-01-06 00:00:00
cnvd
cnvd
InfluxDB authentication bypass vulnerability
2020-11-19 00:00:00
nuclei
nuclei
InfluxDB <1.7.6 - Authentication Bypass
2022-08-23 03:59:33
debian
debian
[SECURITY] [DSA 4823-1] influxdb security update
2021-01-01 18:47:55
[SECURITY] [DLA 2501-1] influxdb security update
2020-12-20 08:28:39
prion
prion
Authentication flaw
2020-11-19 02:15:00
github
github
Improper Authentication in InfluxDB
2021-05-18 18:22:05
ubuntucve
ubuntucve
CVE-2019-20933
2020-11-19 00:00:00
nvd
nvd
CVE-2019-20933
2020-11-19 02:15:11

EPSS

0.069

Percentile

94.1%

JSON
Related for RH:CVE-2019-20933
nessus6githubexploit2debiancve1osv6veracode1cve1ubuntu1openvas3cvelist1photon5cnvd1nuclei1debian2prion1github1ubuntucve1nvd1