CVE-2024-30896

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-30896
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30896.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-30896
Published
2024-11-21T11:15:34Z
Modified
2025-02-19T03:37:57.606227Z
Summary
[none]
Details

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization, which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.

Affected packages

Git / github.com/influxdata/influxdb

Affected ranges

Type
GIT
Repo
https://github.com/influxdata/influxdb
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected

Affected versions

v0.*

v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1.rc1
v0.1.1.rc3
v0.1.1.rc4
v0.1.1.rc5
v0.1.1.rc6
v0.10.0
v0.10.0-beta1
v0.10.0-beta2
v0.10.0-rc1
v0.10.0-rc2
v0.13.0
v0.13.0-rc1
v0.13.0-rc2
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.0.rc1
v0.4.0.rc2
v0.4.0.rc3
v0.4.0.rc4
v0.4.0.rc5
v0.4.0.rc6
v0.4.0.rc7
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.0-rc.1
v0.5.0-rc.2
v0.5.0-rc.3
v0.5.0-rc.4
v0.5.0-rc.5
v0.5.0-rc.6
v0.5.1
v0.5.10
v0.5.11
v0.5.12
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.0-rc.1
v0.8.0-rc.2
v0.8.0-rc.3
v0.8.0-rc.4
v0.8.0-rc.5
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.5
v0.8.6
v0.8.7
v0.9.0
v0.9.0-rc10
v0.9.0-rc11
v0.9.0-rc12
v0.9.0-rc13
v0.9.0-rc14
v0.9.0-rc15
v0.9.0-rc16
v0.9.0-rc17
v0.9.0-rc18
v0.9.0-rc19
v0.9.0-rc2
v0.9.0-rc20
v0.9.0-rc21
v0.9.0-rc22
v0.9.0-rc23
v0.9.0-rc24
v0.9.0-rc25
v0.9.0-rc26
v0.9.0-rc27
v0.9.0-rc28
v0.9.0-rc29
v0.9.0-rc3
v0.9.0-rc30
v0.9.0-rc31
v0.9.0-rc32
v0.9.0-rc33
v0.9.0-rc4
v0.9.0-rc5
v0.9.0-rc6
v0.9.0-rc7
v0.9.0-rc8
v0.9.0-rc9
v0.9.1-rc1
v0.9.3-rc1
v0.9.4-rc1
v0.9.5-rc1
v0.9.6-rc1

v1.*

v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.0-beta3
v1.0.0-rc1
v1.0.0-rc2
v1.0.1
v1.0.2
v1.1.0
v1.1.0-rc1
v1.1.0-rc2
v1.2.0
v1.2.0-rc1
v1.2.0-rc2
v1.2.1
v1.2.1-rc1
v1.2.1-rc2
v1.2.1-rc3
v1.2.1-rc4
v1.2.1-rc5
v1.2.2
v1.3.0rc1
v1.4.0rc0
v1.5.0
v1.5.0rc0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.0rc4
v1.5.0rc5
v1.5.0rc6
v1.6.0rc0

v2.*

v2.0.0-alpha.1
v2.0.0-alpha.10
v2.0.0-alpha.10.1
v2.0.0-alpha.10.2
v2.0.0-alpha.11
v2.0.0-alpha.12
v2.0.0-alpha.13
v2.0.0-alpha.14
v2.0.0-alpha.15
v2.0.0-alpha.16
v2.0.0-alpha.17
v2.0.0-alpha.18
v2.0.0-alpha.19
v2.0.0-alpha.2
v2.0.0-alpha.20
v2.0.0-alpha.21
v2.0.0-alpha.3
v2.0.0-alpha.4
v2.0.0-alpha.5
v2.0.0-alpha.6
v2.0.0-alpha.7
v2.0.0-alpha.8
v2.0.0-alpha.9
v2.0.0-beta.1
v2.0.0-beta.10
v2.0.0-beta.11
v2.0.0-beta.12
v2.0.0-beta.13
v2.0.0-beta.14
v2.0.0-beta.15
v2.0.0-beta.16
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-beta.5
v2.0.0-beta.6
v2.0.0-beta.7
v2.0.0-beta.8
v2.0.0-beta.9
v2.0.0-rc.0
v2.0.0-rc.1
v2.0.0-rc.2
v2.0.0-rc.3
v2.0.0-rc.4
v2.0.1-alpha.10
v2.3.0
v2.5.0
v2.6.0
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9