Lucene search

K

Influxdata Security Vulnerabilities

cve
cve

CVE-2022-36640

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint,....

9.8CVSS

9.8AI Score

0.008EPSS

2022-09-02 09:15 PM
44
11
cve
cve

CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared...

9.8CVSS

9.4AI Score

0.042EPSS

2020-11-19 02:15 AM
128
7
cve
cve

CVE-2020-35187

The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank...

9.8CVSS

9.5AI Score

0.007EPSS

2020-12-17 01:15 AM
33
2
cve
cve

CVE-2018-17572

InfluxDB 0.9.5 has Reflected XSS in the Write Data...

4.8CVSS

4.7AI Score

0.001EPSS

2020-03-02 08:15 PM
32