A1Ieno

**Name of the Vulnerable Software and Affected Versions** InfluxDB versions prior to 1.7.6 **Description** The issue is related to an authentication bypass vulnerability in the `authenticate` function in `services/httpd/handler.go` due to a JWT token having an empty `SharedSecret`. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For InfluxDB versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `authenticate` function in `services/httpd/handler.go` until a patch is available. Avoid using JWT tokens with empty `SharedSecret` values in the affected API endpoints until the issue is resolved.