Bugzilla – Bug 1203191
VUL-2: CVE-2022-36640: influxdb: there are no authentication mechanisms before v1.8.10 (DISPUTED)
Last modified: 2022-09-07 06:35:30 UTC
CVE-2022-36640

** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36640
http://www.cvedetails.com/cve/CVE-2022-36640/
https://www.cve.org/CVERecord?id=CVE-2022-36640
https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
https://www.influxdata.com/
http://influxdb.com
https://portal.influxdata.com/downloads/
http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx
http://influxdata.com
This CVE is disputed and the behavior is documented, so it does not meet the requirements for Cloud8 and Cloud9. Closing as WONTFIX.
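Because the behavior is a documented default rather than a code defect, the practical check is on the deployed configuration. The following is an added example, not part of this bug report or of InfluxData's code: it audits an InfluxDB 1.x `influxdb.conf` for the `[http]` keys `auth-enabled` and `bind-address`, and assumes the `INFLUXDB_HTTP_AUTH_ENABLED` environment override. Both sample configs are constructed.

```python
import re

# Constructed sample configs (not taken from the bug report).
DEFAULT_CONF = """
[meta]
  dir = "/var/lib/influxdb/meta"
[http]
  enabled = true
  bind-address = ":8086"
  # auth-enabled = false
"""

HARDENED_CONF = """
[http]
  enabled = true
  bind-address = "127.0.0.1:8086"
  auth-enabled = true
"""

def http_settings(conf_text):
    """Return key/value pairs from the [http] table of an influxdb.conf."""
    section, settings = None, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' in values)
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            section = m.group(1).strip()
        elif section == "http" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            settings[key] = value.strip('"')
    return settings

def audit(conf_text, env=None):
    """List findings for the HTTP API; an empty list means authentication is on."""
    env = env or {}
    s = http_settings(conf_text)
    # The environment variable overrides the file; a missing key means the default (false).
    auth = env.get("INFLUXDB_HTTP_AUTH_ENABLED", s.get("auth-enabled", "false"))
    findings = []
    if s.get("enabled", "true").lower() == "true" and auth.lower() != "true":
        findings.append("http auth-enabled is off: API accepts unauthenticated requests")
        host = s.get("bind-address", ":8086").rsplit(":", 1)[0]
        if host not in ("127.0.0.1", "localhost", "[::1]"):
            findings.append("http bind-address is not loopback-only")
    return findings

if __name__ == "__main__":
    print(audit(DEFAULT_CONF), audit(HARDENED_CONF))
```

Setting `auth-enabled = true` only takes effect usefully once an admin user exists, so create one before or immediately after enabling it.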