Search CVE reports
1 – 3 of 3 results
CVE-2022-36640
Negligible priority** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's...
1 affected packages
influxdb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
influxdb | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-20933
Medium prioritySome fixes available 5 of 6
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
1 affected packages
influxdb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
influxdb | — | Fixed | Fixed | Fixed | Not affected |
CVE-2018-17572
Low priorityInfluxDB 0.9.5 has Reflected XSS in the Write Data module.
1 affected packages
influxdb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
influxdb | — | Not affected | Not affected | Not affected | Not affected |