Influxdata Influxdb vulnerabilities

CVE-2022-36640 [CRITICAL] CWE-276 CVE-2022-36640: influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauth influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. O

CVE-2019-20933 [CRITICAL] CWE-287 CVE-2019-20933: InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in ser InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

CVE-2018-17572 [MEDIUM] CWE-79 CVE-2018-17572: InfluxDB 0.9.5 has Reflected XSS in the Write Data module. InfluxDB 0.9.5 has Reflected XSS in the Write Data module.