vulnerability

Debian: CVE-2022-36640: influxdb -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Sep 2, 2022

Added

May 15, 2025

Modified

Mar 30, 2026

Description

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.

Solution

no-fix-debian-deb-package

References

CVE-2022-36640
https://attackerkb.com/topics/CVE-2022-36640
CWE-276
EUVD-EUVD-2022-39343
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-39343

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report