Github.Com Influxdata Influxdb vulnerabilities

2 known vulnerabilities affecting github.com/influxdata_influxdb.

Total CVEs

2

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL1MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2018-17572MEDIUM≥ 0, < 0.9.62022-05-24

CVE-2018-17572 [MEDIUM] CWE-79 InfluxDB Reflected Cross-site Scripting InfluxDB Reflected Cross-site Scripting InfluxDB 0.9.5 has Reflected XSS in the admin panel via the Write Data module.

CVE-2019-20933CRITICALPoC≥ 0, < 1.7.62021-05-18

CVE-2019-20933 [CRITICAL] CWE-287 Improper Authentication in InfluxDB Improper Authentication in InfluxDB InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in `services/httpd/handler.go` because a JWT token may have an empty SharedSecret (aka shared secret).