InfluxDB is an open source temporal database developed by InfluxData. An authentication bypass vulnerability exists in the authenticate function in services/httpd/handler.go in versions prior to InfluxDB 1.7.6. The vulnerability stems from the fact that JWT tokens may have an empty SharedSecret. An attacker could use this vulnerability to bypass authentication.
CPE | Name | Operator | Version |
---|---|---|---|
influxdata influxdb | lt | 1.7.6 |