PT-2022-23525 · Influxdb

Published: 2020-04-21 · Updated: 2024-08-03 · CVE-2022-36640

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

InfluxDB versions prior to 1.8.10

Description

The issue concerns the lack of an authentication mechanism or controls in InfluxDB, allowing unauthenticated attackers to execute arbitrary commands. This could potentially expose data to any unauthenticated user if the database is deployed on a publicly accessible endpoint.

Recommendations

For versions prior to 1.8.10, update to version 1.8.10 or later to enable authentication and authorization mechanisms, thereby preventing unauthenticated access and command execution. As a temporary workaround, consider restricting access to the InfluxDB instance to minimize the risk of exploitation until the update can be applied.

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

ALT-PU-2020-1824
ALT-PU-2020-3347
ALT-PU-2022-1251
BIT-INFLUXDB-2022-36640
CVE-2022-36640

Affected Products

Alt Linux
Debian
Influxdb