CVE-2019-20933
N/A
N/A
Summary
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/influxdata/influxdb/issues/12927
- https://github.com/influxdata/influxdb/compare/v1.7.5…v1.7.6
- https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0
- https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html
- https://www.debian.org/security/2021/dsa-4823
References
- https://github.com/influxdata/influxdb/issues/12927
- https://github.com/influxdata/influxdb/compare/v1.7.5…v1.7.6
- https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0
- https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html
- https://www.debian.org/security/2021/dsa-4823
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.