Vulnerabilities > Influxdata

DATE	CVE	VULNERABILITY TITLE	RISK
2022-09-02	CVE-2022-36640	Incorrect Default Permissions vulnerability in Influxdata Influxdb influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. network low complexity influxdata CWE-276 critical	9.8
2020-12-17	CVE-2020-35187	Missing Authentication for Critical Function vulnerability in Influxdata Telegraf The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. network low complexity influxdata CWE-306 critical	9.8
2020-11-19	CVE-2019-20933	Improper Authentication vulnerability in multiple products InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). network low complexity influxdata debian CWE-287 critical	9.8
2020-03-02	CVE-2018-17572	Cross-site Scripting vulnerability in Influxdata Influxdb InfluxDB 0.9.5 has Reflected XSS in the Write Data module. network low complexity influxdata CWE-79	4.8

Vulnerabilities > Influxdata {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Influxdata"}]}