Bugzilla – Bug 1203191
VUL-2: CVE-2022-36640: influxdb: there are no authentication mechanisms before v1.8.10 (DISPUTED)
Last modified: 2022-09-07 06:35:30 UTC
** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication
mechanism or controls, allowing unauthenticated attackers to execute arbitrary
commands. NOTE: the CVE ID assignment is disputed because the vendor's
documentation states "If InfluxDB is being deployed on a publicly accessible
endpoint, we strongly recommend authentication be enabled. Otherwise the data
will be publicly available to any unauthenticated user. The default settings do
NOT enable authentication and authorization."
This CVE is disputed and the behavior is documented, so it does not meet the requirements for Cloud8 and Cloud9. Closing as WONTFIX.
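The following check is an added example, not part of the bug report or InfluxDB's own code. It audits an InfluxDB 1.x configuration for the setting the quoted vendor documentation refers to, assuming the `[http]` option `auth-enabled` and its `INFLUXDB_HTTP_AUTH_ENABLED` environment override; the function name and the sample configs are constructed for illustration.

```python
import re

SECTION = re.compile(r"^\[\[?([^\]]+)\]\]?$")

def http_auth_enabled(conf_text, env=None):
    """Return (enabled, source) for InfluxDB 1.x HTTP authentication."""
    env = env or {}
    # Assumption: the environment variable takes precedence over the file.
    override = env.get("INFLUXDB_HTTP_AUTH_ENABLED")
    if override is not None:
        # Conservative: only the literal "true" (any case) counts as enabled.
        return override.strip().lower() == "true", "environment"
    section = ""
    for raw in conf_text.splitlines():
        # Drop comments; adequate for this boolean key, not a full TOML parser.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip()
            continue
        if section == "http" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "auth-enabled":
                return value.lower() == "true", "config file"
    # Key absent or commented out: the documented default is no authentication.
    return False, "default"

# Constructed sample: stock-style config with the key left commented out.
DEFAULT_CONF = """
[meta]
  dir = "/var/lib/influxdb/meta"
[http]
  enabled = true
  # auth-enabled = false
"""

# Constructed sample: the same config with authentication switched on.
HARDENED_CONF = DEFAULT_CONF.replace("# auth-enabled = false", "auth-enabled = true")

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        enabled, source = http_auth_enabled(conf)
        print(f"{name}: auth {'ENABLED' if enabled else 'DISABLED'} ({source})")
```

Enabling `auth-enabled` only enforces credentials once an admin user exists, so pair this check with confirming that an admin account has been created.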