CVE-2019-20933

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-20933
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20933.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-20933
Aliases
Downstream
Related
Published
2020-11-19T02:15:11.913Z
Modified
2026-03-14T09:37:08.815675Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

References

Affected packages

Git / github.com/influxdata/influxdb

Affected ranges

Type
GIT
Repo
https://github.com/influxdata/influxdb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
01c8dd416270f424ab0c40f9291e269ac6921964
Fixed
761b557315ff9c1642cf3b0e5797cd3d983a24c0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.6"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1.rc1
v0.1.1.rc3
v0.1.1.rc4
v0.1.1.rc5
v0.1.1.rc6
v0.10.0
v0.10.0-beta1
v0.10.0-beta2
v0.10.0-rc1
v0.10.0-rc2
v0.13.0
v0.13.0-rc1
v0.13.0-rc2
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.0.rc1
v0.4.0.rc2
v0.4.0.rc3
v0.4.0.rc4
v0.4.0.rc5
v0.4.0.rc6
v0.4.0.rc7
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.0-rc.1
v0.5.0-rc.2
v0.5.0-rc.3
v0.5.0-rc.4
v0.5.0-rc.5
v0.5.0-rc.6
v0.5.1
v0.5.10
v0.5.11
v0.5.12
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.0-rc.1
v0.8.0-rc.2
v0.8.0-rc.3
v0.8.0-rc.4
v0.8.0-rc.5
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.5
v0.8.6
v0.8.7
v0.9.0
v0.9.0-rc10
v0.9.0-rc11
v0.9.0-rc12
v0.9.0-rc13
v0.9.0-rc14
v0.9.0-rc15
v0.9.0-rc16
v0.9.0-rc17
v0.9.0-rc18
v0.9.0-rc19
v0.9.0-rc2
v0.9.0-rc20
v0.9.0-rc21
v0.9.0-rc22
v0.9.0-rc23
v0.9.0-rc24
v0.9.0-rc25
v0.9.0-rc26
v0.9.0-rc27
v0.9.0-rc28
v0.9.0-rc29
v0.9.0-rc3
v0.9.0-rc30
v0.9.0-rc31
v0.9.0-rc32
v0.9.0-rc33
v0.9.0-rc4
v0.9.0-rc5
v0.9.0-rc6
v0.9.0-rc7
v0.9.0-rc8
v0.9.0-rc9
v0.9.1-rc1
v0.9.3-rc1
v0.9.4-rc1
v0.9.5-rc1
v0.9.6-rc1
v1.*
v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.0-beta3
v1.0.0-rc1
v1.0.0-rc2
v1.0.1
v1.0.2
v1.1.0
v1.1.0-rc1
v1.1.0-rc2
v1.2.0
v1.2.0-rc1
v1.2.0-rc2
v1.2.1
v1.2.1-rc1
v1.2.1-rc2
v1.2.1-rc3
v1.2.1-rc4
v1.2.1-rc5
v1.2.2
v1.3.0rc1
v1.4.0rc0
v1.5.0
v1.5.0rc0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.0rc4
v1.5.0rc5
v1.5.0rc6
v1.6.0rc0
v1.7.0
v1.7.0rc0
v1.7.1
v1.7.2
v1.7.2rc0
v1.7.3
v1.7.4
v1.7.4rc0
v1.7.4rc1
v1.7.4rc2
v1.7.5
v1.7.5rc0
v1.7.5rc1
v1.7.6rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20933.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]