Vulnerability Description
InfluxData InfluxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Influxdata | Influxdb | < 1.8.0 |
Related Weaknesses (CWE)
References
- http://influxdata.com (Product)
- http://influxdb.com (Product)
- http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b (Broken Link)
- https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb (Patch, Vendor Advisory)
- https://portal.influxdata.com/downloads/ (Patch, Product)
- https://www.influxdata.com/ (Product)
FAQ
What is CVE-2022-36640?
CVE-2022-36640 is a vulnerability with a CVSS score of 9.8 (CRITICAL). InfluxData InfluxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because t...
How severe is CVE-2022-36640?
CVE-2022-36640 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-36640?
Check the references section above for vendor advisories and patch information. Affected products include: Influxdata Influxdb.