CVE-2022-36640
CRITICAL (9.8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score: 25/100 (MEDIUM)
- CVSS 9.8 (Critical)
EPSS score: 2% (exploit probability, 30 days)
CVSS score: 9.8 (technical severity)
Description
InfluxData InfluxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
References
- http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b...
- https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
- https://portal.influxdata.com/downloads/
- https://www.influxdata.com/
- http://influxdata.com
- http://influxdb.com