← Back

CVE-2022-36640

nvd nist
Published: Sep 2, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.

Affected (1)

Products: Influxdata: Influxdb
Influxdata
1 product
Influxdb
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Influxdb
Before 1.8.0

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (12)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Product
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchProduct
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchProduct
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.