What is CVE-2019-20933?

CVE-2019-20933 is a vulnerability in N/a. Published 2020-11-19.

Is CVE-2019-20933 known to be exploited?

37 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

EPSS: 0.937 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/influxdata/influxdb/issues/12927 (x_refsource_MISC)
github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6 (x_refsource_MISC)
github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0 (x_refsource_MISC)
[debian-lts-announce] 20201220 [SECURITY] [DLA 2501-1] influxdb security update (mailing-list, x_refsource_MLIST)
DSA-4823 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2019-20933?: CVE-2019-20933 is a vulnerability in N/a. Published 2020-11-19.
Is CVE-2019-20933 known to be exploited?: 37 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.