CVE-2019-20933

Published November 19th, 2020

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

influxdata/influxdb

Scalable datastore for metrics, events, and real-time analytics

GitHub

31.6K