Influxdata InfluxDB 0.9.0 Release Candidate 14

CPE Details

Influxdata InfluxDB 0.9.0 Release Candidate 14
influxdata
influxdb
0.9.0
2020-03-03
14h16 +00:00
2020-03-03
14h16 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:influxdata:influxdb:0.9.0:rc14:*:*:*:*:*:*

Informations

Vendor

influxdata

Product

influxdb

Version

0.9.0

Update

rc14

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-36640 2022-09-02 18h50 +00:00 influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
9.8
Critique
CVE-2019-20933 2020-11-19 00h50 +00:00 InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
9.8
Critique
CVE-2018-17572 2020-03-02 18h31 +00:00 InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
4.8
Moyen