Vulnerabilities > Influxdata > Influxdb > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-02 CVE-2022-36640 Incorrect Default Permissions vulnerability in Influxdata Influxdb
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands.
network
low complexity
influxdata CWE-276
critical
 9.8
9.8
2020-11-19 CVE-2019-20933 Improper Authentication vulnerability in multiple products
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
network
low complexity
influxdata debian CWE-287
critical
 9.8
9.8