Vulnerabilities > Influxdata > Influxdb > 0.7.0

DATE CVE VULNERABILITY TITLE RISK
2022-09-02 CVE-2022-36640 Incorrect Default Permissions vulnerability in Influxdata Influxdb
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands.
network
low complexity
influxdata CWE-276
critical
 9.8
9.8
2020-11-19 CVE-2019-20933 Improper Authentication vulnerability in multiple products
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
network
low complexity
influxdata debian CWE-287
critical
 9.8
9.8
2020-03-02 CVE-2018-17572 Cross-site Scripting vulnerability in Influxdata Influxdb
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
network
influxdata CWE-79
3.5
3.5