Influxdata Influxdata

  1. Vendors
  2. Influxdata

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Influxdata product.

RSS Feeds for Influxdata security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Influxdata products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Influxdata Sorted by Most Security Vulnerabilities since 2018

Influxdata Influxdb4 vulnerabilities

Influxdata Telegraf1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Influxdata. Influxdata did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 1 9.10
2023 0 0.00
2022 1 9.80
2021 0 0.00
2020 3 7.30

It may take a day or so for new Influxdata vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Influxdata Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-30896 Nov 21, 2024
InfluxDB: Privilege Escalation via Raw Token Retrieval InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API. The supplier has stated that InfluxDB 2.8.0 has addressed this issue.
Influxdb
CVE-2022-36640 Sep 02, 2022
Unauth Cmd Exec in InfluxDB <1.8.10 (v1.8.9) influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
Influxdb
CVE-2020-35187 Dec 17, 2020
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Telegraf
CVE-2019-20933 Nov 19, 2020
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
Influxdb
CVE-2018-17572 Mar 02, 2020
InfluxDB 0.9.5 has Reflected XSS in the Write Data module. InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
Influxdb
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.