Influxdata InfluxDB 0.0.9

CPE Details

Influxdata InfluxDB 0.0.9
influxdata
influxdb
0.0.9
2020-03-03
14h15 +00:00
2020-03-03
14h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:influxdata:influxdb:0.0.9:*:*:*:*:*:*:*

Informations

Vendor

influxdata

Product

influxdb

Version

0.0.9

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-36640 2022-09-02 18h50 +00:00 influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
9.8
Critical
CVE-2019-20933 2020-11-19 00h50 +00:00 InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
9.8
Critical
CVE-2018-17572 2020-03-02 18h31 +00:00 InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
4.8
Medium