3 matches found
CVE-2019-20933
InfluxDB before 1.7.6 contains an authentication bypass in the authenticate function (services/httpd/handler.go) where a JWT token may carry an empty SharedSecret. This can allow an attacker to bypass authentication and gain unauthorized access, potentially enabling data modification or administr...
CVE-2022-36640
CVE-2022-36640 affects influxData influxDB prior to v1.8.10, where there is no authentication mechanism or access controls. This condition enables unauthenticated remote command execution as described in the description. The vulnerability is repeatedly referenced across multiple connected sources...
CVE-2018-17572
CVE-2018-17572 affects InfluxDB 0.9.5 with a Reflected XSS in the Write Data module (and related admin panel exposure via Write Data). The connected sources corroborate XSS in the Write Data path rather than other components; no other versions or root-cause details are provided in these documents...