Vulnerability Name: CVE-2022-36640
Assigned: 2022-09-02
Published: 2022-09-02
Updated: 2022-09-08
Summary: ** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. Note: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-276
References:
  Source: MITRE, Type: CNA, CVE-2022-36640
  Source: MISC, Type: Product, http://influxdata.com
  Source: MISC, Type: Product, http://influxdb.com
  Source: MISC, Type: Broken Link, http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx
  Source: MISC, Type: Patch, Vendor Advisory, https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
  Source: MISC, Type: Patch, Product, https://portal.influxdata.com/downloads/
  Source: MISC, Type: Product, https://www.influxdata.com/
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable