Vulnerabilities > Influxdata

DATE CVE VULNERABILITY TITLE RISK
2022-09-02 CVE-2022-36640 Incorrect Default Permissions vulnerability in Influxdata Influxdb
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands.
network
low complexity
influxdata CWE-276
critical
9.8
2020-12-17 CVE-2020-35187 Missing Authentication for Critical Function vulnerability in Influxdata Telegraf
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
influxdata CWE-306
critical
10.0
2020-11-19 CVE-2019-20933 Improper Authentication vulnerability in multiple products
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
network
low complexity
influxdata debian CWE-287
critical
9.8
2020-03-02 CVE-2018-17572 Cross-site Scripting vulnerability in Influxdata Influxdb
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
network
influxdata CWE-79
3.5