Unauthorized access to data [SOLVED]

fmachado · October 9, 2017, 4:29pm

Hi InfluxDB team,

I would like to report a small vulnerability on InfluxDB where a user is allowed to get some data from another database even without permission. This vulnerability is locally and remotely exploitable.

I know there is a GitHub repo to report this kind of issue but before going public with this information, I want to make sure the InfluxDB team is aware about it first.

Regards,

Fernando Machado

fmachado · October 9, 2017, 8:10pm

Update Oct, 09: someone from the InfluxDB team is handling this issue. I’m updating it as [SOLVED].

Topic		Replies	Views
InfluxDB user authorization permissions does not work as expected influxdb	0	557	January 27, 2020
Last update broke my InfluxDB	3	518	September 26, 2022
"influx v1 shell" unauthorized access InfluxDB 2	1	1317	December 11, 2023
While using InfluxDB 2.7.11, we have detected an unauthorized access vulnerability affecting the Swagger API endpoint /api/v2/swagger.json. Could you please advise on solutions to block this endpoint? Thank you.	0	12	May 28, 2026
Unauthorized access the Influxdb 2 OSS UI with the current credentials InfluxDB 2	2	790	March 13, 2024

Unauthorized access to data [SOLVED]

Related topics