Debian Influxdb vulnerabilities

4 known vulnerabilities affecting debian/influxdb.

Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1, LOW 2

Vulnerabilities

CVE-2024-30896 | LOW | CVSS 9.1 | PoC | 2024
CVE-2024-30896 [CRITICAL] influxdb: InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that Infl
CVE-2022-36640 | LOW | CVSS 9.8 | 2022
CVE-2022-36640 [CRITICAL] influxdb: influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the d
CVE-2019-20933 | CRITICAL | CVSS 9.8 | PoC | fixed in influxdb 1.6.7~rc0-1 (bookworm) | 2019
CVE-2019-20933 [CRITICAL] influxdb: InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
Scope: local
bookworm: resolved (fixed in 1.6.7~rc0-1)
bullseye: resolved (fixed in 1.6.7~rc0-1)
forky: resolved (fixed in 1.6.7~rc0-1)
sid: resolved (fixed in 1.6.7~rc
CVE-2018-17572 | MEDIUM | CVSS 4.8 | fixed in influxdb 0.9.6.1+dfsg1-1 (bookworm) | 2018
CVE-2018-17572 [MEDIUM] influxdb: InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
Scope: local
bookworm: resolved (fixed in 0.9.6.1+dfsg1-1)
bullseye: resolved (fixed in 0.9.6.1+dfsg1-1)
forky: resolved (fixed in 0.9.6.1+dfsg1-1)
sid: resolved (fixed in 0.9.6.1+dfsg1-1)
trixie: resolved (fixed in 0.9.6.1+dfsg1-1)