InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/influxdata/influxdb(Go) | 0 | 1.7.6 | N/A |
CVSS Metrics
