Influxdb Security Vulnerabilities and Issues — Influxdb CVE List

Lucene search

InfluxdataInfluxdb

4 matches found

CVE•added 2020/11/19 2:15 a.m.•200 views

CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

9.8CVSS9.4AI score0.93745EPSS

CVE•added 2022/09/02 9:15 p.m.•76 views

CVE-2022-36640

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, ...

9.8CVSS9.8AI score0.01748EPSS

CVE•added 2024/11/21 11:15 a.m.•61 views

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and C...

9.1CVSS9AI score0.07639EPSS

CVE•added 2020/03/02 8:15 p.m.•47 views

CVE-2018-17572

InfluxDB 0.9.5 has Reflected XSS in the Write Data module.

4.8CVSS4.7AI score0.00321EPSS