NuytsTech Security

CVE-2019-20933

by ·

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

Date published : 2020-11-18

https://www.debian.org/security/2021/dsa-4823

https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0

Tags: