Debian Influxdb vulnerabilities
2 known vulnerabilities affecting debian/influxdb.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-20933P1CRITICALCVSS 9.8ExploitedPoCfixed in influxdb 1.6.7~rc0-1 (bookworm)2019
CVE-2019-20933 [CRITICAL] CVE-2019-20933: influxdb - InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenti...
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
Scope: local
bookworm: resolved (fixed in 1.6.7~rc0-1)
bullseye: resolved (fixed in 1.6.7~rc0-1)
forky: resolved (fixed in 1.6.7~rc0-1)
sid: resolved (fixed in 1.6.7~rc
debian
CVE-2018-17572P4MEDIUMCVSS 4.8fixed in influxdb 0.9.6.1+dfsg1-1 (bookworm)2018
CVE-2018-17572 [MEDIUM] CVE-2018-17572: influxdb - InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
Scope: local
bookworm: resolved (fixed in 0.9.6.1+dfsg1-1)
bullseye: resolved (fixed in 0.9.6.1+dfsg1-1)
forky: resolved (fixed in 0.9.6.1+dfsg1-1)
sid: resolved (fixed in 0.9.6.1+dfsg1-1)
trixie: resolved (fixed in 0.9.6.1+dfsg1-1)
debian