Home > Vulnerability Database > CVE-2022-36640

Mend.io Vulnerability Database

CVE-2022-36640

Date: September 2, 2022

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.

Severity Score

9.8

Related Resources (9)

Url: https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb

Url: http://influxdb.com

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-36640

Url: https://www.influxdata.com/

Url: https://security-tracker.debian.org/tracker/CVE-2022-36640

Url: http://influxdata.com

Url: http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx

Url: https://portal.influxdata.com/downloads/

Url: https://www.mend.io/vulnerability-database/CVE-2022-36640

Severity Score

9.8

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-36640

Date: September 2, 2022

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?