influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
References
Link | Resource |
---|---|
http://influxdata.com | Product |
http://influxdb.com | Product |
http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx | Broken Link |
https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb | Patch Vendor Advisory |
https://portal.influxdata.com/downloads/ | Patch Product |
https://www.influxdata.com/ | Product |
Configurations
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
Summary | influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization. |
08 Sep 2022, 03:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-276 | |
CPE | cpe:2.3:a:influxdata:influxdb:*:*:*:*:*:*:*:* | |
First Time |
Influxdata influxdb
Influxdata |
|
References | (MISC) http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx - Broken Link | |
References | (MISC) http://influxdb.com - Product | |
References | (MISC) https://portal.influxdata.com/downloads/ - Patch, Product | |
References | (MISC) https://www.influxdata.com/ - Product | |
References | (MISC) http://influxdata.com - Product | |
References | (MISC) https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb - Patch, Vendor Advisory |
04 Sep 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization." |
02 Sep 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-02 21:15
Updated : 2024-04-11 01:16
NVD link : CVE-2022-36640
Mitre link : CVE-2022-36640
CVE.ORG link : CVE-2022-36640
JSON object : View
Products Affected
influxdata
- influxdb
CWE
CWE-276
Incorrect Default Permissions