CVE-2019-20933 in Ubuntu

CVE-2019-20933

Priority

Description

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the
authenticate function in services/httpd/handler.go because a JWT token may
have an empty SharedSecret (aka shared secret).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20933
https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0
https://github.com/influxdata/influxdb/issues/12927
https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6
https://ubuntu.com/security/notices/USN-5451-1

Notes

Package

Source: influxdb (LP Ubuntu Debian)

Upstream:	released (1.7.6)
Ubuntu 18.04 LTS:	released (1.1.1+dfsg1-4+deb9u1ubuntu1)
Ubuntu 20.04 LTS:	released (1.6.4-1+deb10u1build0.20.04.1)
Ubuntu 21.10:	released (1.6.7~rc0-1)
Ubuntu 22.04 LTS:	released (1.6.7~rc0-1)
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-06-10 14:00:39 UTC (commit 22cd97abab61e5eccab4070a258ab5d6a94b972b)