
4 vulnerabilities by influxdata

CVE-2022-36640 (GCVE-0-2022-36640)

Vulnerability from cvelistv5 – Published: 2022-09-02 20:50 – Updated: 2024-08-03 10:07 Disputed
Summary
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:07:34.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://influxdata.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://influxdb.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.influxdata.com/downloads/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.influxdata.com/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\u0027s documentation states \"If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-04T04:38:45.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://influxdata.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://influxdb.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.influxdata.com/downloads/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.influxdata.com/"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\u0027s documentation states \"If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://influxdata.com",
              "refsource": "MISC",
              "url": "http://influxdata.com"
            },
            {
              "name": "http://influxdb.com",
              "refsource": "MISC",
              "url": "http://influxdb.com"
            },
            {
              "name": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx",
              "refsource": "MISC",
              "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
            },
            {
              "name": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb",
              "refsource": "MISC",
              "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
            },
            {
              "name": "https://portal.influxdata.com/downloads/",
              "refsource": "MISC",
              "url": "https://portal.influxdata.com/downloads/"
            },
            {
              "name": "https://www.influxdata.com/",
              "refsource": "MISC",
              "url": "https://www.influxdata.com/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36640",
    "datePublished": "2022-09-02T20:50:45.000Z",
    "dateReserved": "2022-07-25T00:00:00.000Z",
    "dateUpdated": "2024-08-03T10:07:34.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35187 (GCVE-0-2020-35187)

Vulnerability from cvelistv5 – Published: 2020-12-17 00:58 – Updated: 2024-08-04 17:02
Summary
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. Systems using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:06.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-17T00:58:19.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187",
              "refsource": "MISC",
              "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35187",
    "datePublished": "2020-12-17T00:58:19.000Z",
    "dateReserved": "2020-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:02:06.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20933 (GCVE-0-2019-20933)

Vulnerability from cvelistv5 – Published: 2020-11-19 01:50 – Updated: 2024-08-05 03:00
Summary
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:18.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/influxdata/influxdb/issues/12927"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
          },
          {
            "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
          },
          {
            "name": "DSA-4823",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-02T15:07:39.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/influxdata/influxdb/issues/12927"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
        },
        {
          "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
        },
        {
          "name": "DSA-4823",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20933",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/influxdata/influxdb/issues/12927",
              "refsource": "MISC",
              "url": "https://github.com/influxdata/influxdb/issues/12927"
            },
            {
              "name": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6",
              "refsource": "MISC",
              "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
            },
            {
              "name": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0",
              "refsource": "MISC",
              "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
            },
            {
              "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
            },
            {
              "name": "DSA-4823",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20933",
    "datePublished": "2020-11-19T01:50:50.000Z",
    "dateReserved": "2020-11-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:00:18.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-17572 (GCVE-0-2018-17572)

Vulnerability from cvelistv5 – Published: 2020-03-02 19:31 – Updated: 2024-08-05 10:54
Summary
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
Severity
No CVSS data available.
CWE
  • n/a
Date Public
2019-01-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:54:10.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InfluxDB 0.9.5 has Reflected XSS in the Write Data module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T19:31:54.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17572",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "InfluxDB 0.9.5 has Reflected XSS in the Write Data module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48",
              "refsource": "MISC",
              "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
            },
            {
              "name": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6",
              "refsource": "CONFIRM",
              "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17572",
    "datePublished": "2020-03-02T19:31:54.000Z",
    "dateReserved": "2018-09-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:54:10.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}