InfluxDB 漏洞列表
共找到 3 个与 InfluxDB 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2019-20933: InfluxDB <1.7.6 - Authentication Bypass POC
InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret (aka shared secret). An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. SHODAN: InfluxDB ZoomEye: app:"InfluxDB http admin" -
CVE-2019-20933: InfluxDB <1.7.6 - Authentication Bypass POC
InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret (aka shared secret). An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. -
influxDB 未授权访问 无POC
influxdb是一款著名的时序数据库,其使用jwt作为鉴权方式。在用户开启了认证,但未设置参数shared-secret的情况下,jwt的认证密钥为空字符串,此时攻击者可以伪造任意用户身份在influxdb中执行SQL语句。