2020-04-22
ALT-BU-2020-3776-1
Branch sisyphus update bulletin.
Closed bugs
Независимые данные не отделены
Closed bugs
Ошибка запуска veyon.service
Closed vulnerabilities
Published: 2022-09-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-36640
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://influxdata.com
- http://influxdb.com
- http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx
- https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
- https://portal.influxdata.com/downloads/
- https://www.influxdata.com/
- http://influxdata.com
- https://www.influxdata.com/
- https://portal.influxdata.com/downloads/
- https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
- http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx
- http://influxdb.com