Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities by influxdata

    CVE-2022-36640 (GCVE-0-2022-36640)

    Vulnerability from nvd – Published: 2022-09-02 20:50 – Updated: 2024-08-03 10:07 Disputed
    VLAI
    Summary
    influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:07:34.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://influxdata.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://influxdb.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.influxdata.com/downloads/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.influxdata.com/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\u0027s documentation states \"If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-04T04:38:45.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://influxdata.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://influxdb.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.influxdata.com/downloads/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.influxdata.com/"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-36640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\u0027s documentation states \"If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://influxdata.com",
                  "refsource": "MISC",
                  "url": "http://influxdata.com"
                },
                {
                  "name": "http://influxdb.com",
                  "refsource": "MISC",
                  "url": "http://influxdb.com"
                },
                {
                  "name": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx",
                  "refsource": "MISC",
                  "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
                },
                {
                  "name": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb",
                  "refsource": "MISC",
                  "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
                },
                {
                  "name": "https://portal.influxdata.com/downloads/",
                  "refsource": "MISC",
                  "url": "https://portal.influxdata.com/downloads/"
                },
                {
                  "name": "https://www.influxdata.com/",
                  "refsource": "MISC",
                  "url": "https://www.influxdata.com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-36640",
        "datePublished": "2022-09-02T20:50:45.000Z",
        "dateReserved": "2022-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:07:34.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35187 (GCVE-0-2020-35187)

    Vulnerability from nvd – Published: 2020-12-17 00:58 – Updated: 2024-08-04 17:02
    VLAI
    Summary
    The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:06.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-17T00:58:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35187",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187",
                  "refsource": "MISC",
                  "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35187",
        "datePublished": "2020-12-17T00:58:19.000Z",
        "dateReserved": "2020-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:02:06.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20933 (GCVE-0-2019-20933)

    Vulnerability from nvd – Published: 2020-11-19 01:50 – Updated: 2024-08-05 03:00
    Summary
    InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:00:18.714Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/issues/12927"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
              },
              {
                "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
              },
              {
                "name": "DSA-4823",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4823"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-02T15:07:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/influxdata/influxdb/issues/12927"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
            },
            {
              "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
            },
            {
              "name": "DSA-4823",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4823"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-20933",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/influxdata/influxdb/issues/12927",
                  "refsource": "MISC",
                  "url": "https://github.com/influxdata/influxdb/issues/12927"
                },
                {
                  "name": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6",
                  "refsource": "MISC",
                  "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
                },
                {
                  "name": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0",
                  "refsource": "MISC",
                  "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
                },
                {
                  "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
                },
                {
                  "name": "DSA-4823",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4823"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-20933",
        "datePublished": "2020-11-19T01:50:50.000Z",
        "dateReserved": "2020-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:00:18.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17572 (GCVE-0-2018-17572)

    Vulnerability from nvd – Published: 2020-03-02 19:31 – Updated: 2024-08-05 10:54
    VLAI
    Summary
    InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:54:10.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "InfluxDB 0.9.5 has Reflected XSS in the Write Data module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-02T19:31:54.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-17572",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "InfluxDB 0.9.5 has Reflected XSS in the Write Data module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
                },
                {
                  "name": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-17572",
        "datePublished": "2020-03-02T19:31:54.000Z",
        "dateReserved": "2018-09-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:54:10.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36640 (GCVE-0-2022-36640)

    Vulnerability from cvelistv5 – Published: 2022-09-02 20:50 – Updated: 2024-08-03 10:07 Disputed
    VLAI
    Summary
    influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:07:34.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://influxdata.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://influxdb.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.influxdata.com/downloads/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.influxdata.com/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\u0027s documentation states \"If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-04T04:38:45.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://influxdata.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://influxdb.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.influxdata.com/downloads/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.influxdata.com/"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-36640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\u0027s documentation states \"If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://influxdata.com",
                  "refsource": "MISC",
                  "url": "http://influxdata.com"
                },
                {
                  "name": "http://influxdb.com",
                  "refsource": "MISC",
                  "url": "http://influxdb.com"
                },
                {
                  "name": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx",
                  "refsource": "MISC",
                  "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
                },
                {
                  "name": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb",
                  "refsource": "MISC",
                  "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
                },
                {
                  "name": "https://portal.influxdata.com/downloads/",
                  "refsource": "MISC",
                  "url": "https://portal.influxdata.com/downloads/"
                },
                {
                  "name": "https://www.influxdata.com/",
                  "refsource": "MISC",
                  "url": "https://www.influxdata.com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-36640",
        "datePublished": "2022-09-02T20:50:45.000Z",
        "dateReserved": "2022-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:07:34.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35187 (GCVE-0-2020-35187)

    Vulnerability from cvelistv5 – Published: 2020-12-17 00:58 – Updated: 2024-08-04 17:02
    VLAI
    Summary
    The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:06.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-17T00:58:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35187",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187",
                  "refsource": "MISC",
                  "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35187"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35187",
        "datePublished": "2020-12-17T00:58:19.000Z",
        "dateReserved": "2020-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:02:06.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20933 (GCVE-0-2019-20933)

    Vulnerability from cvelistv5 – Published: 2020-11-19 01:50 – Updated: 2024-08-05 03:00
    Summary
    InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:00:18.714Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/issues/12927"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
              },
              {
                "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
              },
              {
                "name": "DSA-4823",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4823"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-02T15:07:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/influxdata/influxdb/issues/12927"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
            },
            {
              "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
            },
            {
              "name": "DSA-4823",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4823"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-20933",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/influxdata/influxdb/issues/12927",
                  "refsource": "MISC",
                  "url": "https://github.com/influxdata/influxdb/issues/12927"
                },
                {
                  "name": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6",
                  "refsource": "MISC",
                  "url": "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6"
                },
                {
                  "name": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0",
                  "refsource": "MISC",
                  "url": "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0"
                },
                {
                  "name": "[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html"
                },
                {
                  "name": "DSA-4823",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4823"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-20933",
        "datePublished": "2020-11-19T01:50:50.000Z",
        "dateReserved": "2020-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:00:18.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17572 (GCVE-0-2018-17572)

    Vulnerability from cvelistv5 – Published: 2020-03-02 19:31 – Updated: 2024-08-05 10:54
    VLAI
    Summary
    InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:54:10.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "InfluxDB 0.9.5 has Reflected XSS in the Write Data module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-02T19:31:54.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-17572",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "InfluxDB 0.9.5 has Reflected XSS in the Write Data module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48"
                },
                {
                  "name": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/influxdata/influxdb/releases/tag/v0.9.6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-17572",
        "datePublished": "2020-03-02T19:31:54.000Z",
        "dateReserved": "2018-09-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:54:10.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }