320 matches found
CVE-2019-10329
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10329
CVE-2019-10329 affects the Jenkins InfluxDB Plugin (versions 1.21 and earlier). The root cause is unencrypted credentials stored in the plugin’s global configuration file on the Jenkins master, allowing users with access to the master filesystem to view them. Impact is credential disclosure. Reme...
CVE-2019-10329
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Authentication Bypass
github.com/influxdata/influxdb is vulnerable to authentication bypass. A remote attacker is able to bypass authentication and gain access to the application by submitting a blank shared secret in a BearerAuthentication...
PT-2019-5775 · Influxdata +3 · Influxdb +3
Name of the Vulnerable Software and Affected Versions: InfluxDB versions prior to 1.7.6 Description: The issue is related to an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go due to a JWT token having an empty SharedSecret. This allows a remote...
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is susceptible to cross-site scripting XSS. The vulnerability is possible because it does not escape the typeahead values in metric segment, query part and sql part in Influxdb and Graphite query editor...
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...
Cross site scripting
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...
UBUNTU-CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...
CVE-2018-1000816
Grafana (versions 5.2.4 and 5.3.0) has an XSS vulnerability in the InfluxDB and Graphite query editor that can execute arbitrary JavaScript in a victim’s browser. Exploitation requires an authenticated user to click in the input field containing the payload; no remediation or patch details are pr...
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...
com.accelerate-experience:storm-metrics-statsd (>=1.0.0 <=1.0.1), com.accelerate-experience:storm-rabbitmq (=1.0.0) +70 more potentially affected by CVE-2017-9799 via org.apache.storm:storm-core (>=1.0.0 <=1.0.3)
org.apache.storm:storm-core MAVEN version =1.0.0, =1.0.0, =0.1.0, =1.0, =1.0, =1.0, =1.3, =1.0, =1.0, =1.0, =1.0.0, =1.0.4 - com.github.ptgoetz:storm-jms =1.0.2 - com.github.ptgoetz:storm-signals =1.0.3 and more Source cves: CVE-2017-9799 Source advisory: OSV:GHSA-X825-RJWW-2245...
Cross-site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting XSS attacks. The application does not sanitize user input to the Influxdb tag, allowing a malicious user to inject and execute arbitrary web script...
Denial Of Service (DoS) Through Infinite Loop
github.com/influxdata/influxdb is vulnerable to denial of service DoS attacks. An infinite loop can be triggered in the newFieldsFromBinary method if it is parsing a corrupt binary point...
Leakage Of Sensitive Data
github.com/influxdata/influxdb is vulnerable to leakage of sensitive data. The vulnerability is possible because passwords are revealed in clear text in influxhistory...
High Performance DoS Analyzer: FastNetMon
High Performance DoS Analyzer FastNetMon – A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PFRING, PCAP. What can we do? We can detect hosts in our networks sending or receiving large volumes of...
InfluxDB Enum Utility
This module enumerates databases on InfluxDB using the REST API using the default authentication of root:root. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'InfluxDB Enum Utility',...