CVE-2024-30896

Source
https://cve.org/CVERecord?id=CVE-2024-30896
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30896.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-30896
Downstream
Published
2024-11-21T11:15:34.007Z
Modified
2026-04-02T10:09:59.054007Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
[none]
Details

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization, which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API. The supplier has stated that InfluxDB 2.8.0 has addressed this issue.

References

Affected packages

Git / github.com/influxdata/influxdb

Affected ranges

Type
GIT
Repo
https://github.com/influxdata/influxdb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "2.x"
        },
        {
            "last_affected": "2.7.11"
        }
    ]
}

Affected versions


Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30896.json"