influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendors documentation states If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
During installation, installed file permissions are set to allow anyone to modify those files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Influxdb | Influxdata | * | 1.8.0 (excluding) |
Influxdb | Ubuntu | bionic | * |
Influxdb | Ubuntu | kinetic | * |
Influxdb | Ubuntu | lunar | * |
Influxdb | Ubuntu | mantic | * |
Influxdb | Ubuntu | trusty | * |
Influxdb | Ubuntu | xenial | * |