VDB
DEBIAN-CVE-2019-20933
PUBLISHED
CVSS 9.8 CRITICAL
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | influxdb | 0, 0, 0 |
| Debian:13 | influxdb | 0, 0, 0 |
| Debian:12 | influxdb | 0, 0, 0 |
| Debian:11 | influxdb | 0, 0, 0 |
Exploit Intelligence
- Lab 5: InfluxDB Authentication Bypass (CVE-2019-20933) - Writeup and Exploit (github-poc-repo)
- Lab 5: InfluxDB Authentication Bypass (CVE-2019-20933) - Writeup and Exploit (github-poc)
- Hydragyrum/CVE-2019-20933 (github-poc-repo)
- InfluxDB CVE-2019-20933 vulnerability exploit (github-poc-repo)
- Hydragyrum/CVE-2019-20933 (github-poc)
- InfluxDB CVE-2019-20933 vulnerability exploit (github-poc)
- web_poc_map_v2.yaml (github-poc)
- cve_version_check.go (github-poc)
- nuclei_routing.go (github-poc)
- Nuclei Template: CVE-2019-20933 (nuclei-template)
Timeline
- Nov 19, 2020 CVE Published
- Apr 28, 2026 CVE Updated