This issue was fixed in version v1.8.10.5. CVE-2018-1000710 influxData before v1.8.10.5 contains an unauthenticated remote code execution vulnerability. A malicious user with a valid account could send a specially crafted request to the InfluxDB server, which could be exploited to execute arbitrary code with root privileges.
CVE-2018-1000118 influxData before v1.8.10.5 contains an unauthenticated remote code execution vulnerability. A malicious user with a valid account could send a specially crafted request to the InfluxDB server, which could be exploited to execute arbitrary code with root privileges.
CVE-2018-1000088 influxData before v1.8.10.5 contains an unauthenticated remote code execution vulnerability. A malicious user with a valid account could send a specially crafted request to the InfluxDB server, which could be exploited to execute arbitrary code with root privileges.
CVE-2018-10000106 influxData before v1.8.10.5 contains an unauthenticated remote code execution vulnerability. A malicious user with a valid account could send a specially crafted request to the InfluxDB server, which could be exploited to execute arbitrary code with root privileges.
CVE-2018-1000115 influxData before v1.8.10.5 contains an unauthenticated remote code execution vulnerability. A malicious user with a valid account
^ {CVE-2018-1000088}
This issue was fixed in version v1.8.10.5. CVE-2018-1000710 influxData before v1.8.10.5 contains an unauthenticated remote code execution vulnerability. A malicious user with a valid account could send a specially crafted request to the InfluxDB server, which could be exploited to execute arbitrary code with root privileges.
This issue was fixed in version v1.8.10.5 and later versions of influxData prior to v1.8.10.2 contain an unauthenticated remote code execution vulnerability which has been assigned CVE-2018-1000118, CVE-2018-1000120, and CVE-2018-1000122 for the 32 bit Windows, 64 bit Windows, and 64 bit Linux platforms respectively because they are separate issues that were not originally included in the original announcement of the vulnerability on November 7th 2018.
^^
This issue was fixed in version v1.8.10.5.
This issue was fixed in version v1.8.10.5.
This issue was fixed in version v1.8.10.5
Timeline
Published on: 09/02/2022 21:15:00 UTC
Last modified on: 09/08/2022 03:28:00 UTC
References
- https://portal.influxdata.com/downloads/
- http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx
- http://influxdb.com
- http://influxdata.com
- https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
- https://www.influxdata.com/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36640