Critical severityNVD Advisory· Published Nov 19, 2020· Updated Aug 5, 2024
CVE-2019-20933
CVE-2019-20933
Description
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/influxdata/influxdbGo | < 1.7.6 | 1.7.6 |
Affected products
67- InfluxDB/InfluxDBdescription
- ghsa-coords66 versionspkg:golang/github.com/influxdata/influxdbpkg:rpm/suse/ardana-cassandra&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-tempest&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/influxdb&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/influxdb&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/influxdb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Jinja2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Jinja2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pytest&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pytest&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209
< 1.7.6+ 65 more
- (no CPE)range: < 1.7.6
- (no CPE)range: < 9.0+git.1600802664.7e480a2-3.6.2
- (no CPE)range: < 9.0+git.1605174486.a78ddce-3.19.2
- (no CPE)range: < 9.0+git.1601621747.a87e5a0-3.22.2
- (no CPE)range: < 9.0+git.1603378983.fc0bca9-3.19.2
- (no CPE)range: < 6.0+git.1606314264.bf9ada813-3.31.2
- (no CPE)range: < 4.0+git.1604938545.30c10db18-9.77.1
- (no CPE)range: < 6.0+git.1604573541.bb18c172d-3.28.3
- (no CPE)range: < 6.7.4-1.20.1
- (no CPE)range: < 6.7.4-3.20.1
- (no CPE)range: < 6.7.4-3.20.1
- (no CPE)range: < 1.2.4-5.1
- (no CPE)range: < 1.3.8-4.3.3
- (no CPE)range: < 1.3.8-4.3.3
- (no CPE)range: < 13.0.10~dev20-3.28.2
- (no CPE)range: < 13.0.10~dev20-3.28.2
- (no CPE)range: < 11.0.4~dev4-3.19.2
- (no CPE)range: < 11.0.4~dev4-3.19.2
- (no CPE)range: < 12.0.1~dev2-3.3.4
- (no CPE)range: < 12.0.1~dev2-3.3.4
- (no CPE)range: < 0.0.0+git.1605509190.64f020b6-3.9.3
- (no CPE)range: < 0.0.0+git.1605509190.64f020b6-3.9.3
- (no CPE)range: < 12.0.1~dev3-3.3.4
- (no CPE)range: < 12.0.1~dev3-3.3.4
- (no CPE)range: < 3.3.4~dev6-3.19.4
- (no CPE)range: < 3.3.4~dev6-3.19.4
- (no CPE)range: < 7.4.2~dev57-4.30.2
- (no CPE)range: < 7.4.2~dev57-4.30.2
- (no CPE)range: < 13.0.8~dev135-3.31.2
- (no CPE)range: < 13.0.8~dev135-3.31.2
- (no CPE)range: < 12.0.1~dev5-3.19.4
- (no CPE)range: < 12.0.1~dev5-3.19.4
- (no CPE)range: < 13.0.2~dev6-3.9.2
- (no CPE)range: < 13.0.2~dev6-3.9.2
- (no CPE)range: < 18.3.1~dev77-3.31.2
- (no CPE)range: < 18.3.1~dev77-3.31.2
- (no CPE)range: < 2.10.1-3.3.3
- (no CPE)range: < 2.10.1-3.3.3
- (no CPE)range: < 4.5.0-4.3.3
- (no CPE)range: < 4.5.0-4.3.3
- (no CPE)range: < 3.7.4-3.3.3
- (no CPE)range: < 3.7.4-3.3.3
- (no CPE)range: < 1.16-3.12.1
- (no CPE)range: < 1.23-3.15.3
- (no CPE)range: < 1.23-3.15.3
- (no CPE)range: < 9.20200917-3.24.3
- (no CPE)range: < 9.20200917-3.24.3
- (no CPE)range: < 2.2.3-5.3.3
- (no CPE)range: < 2.2.3-5.3.3
- (no CPE)range: < 7.0.1~dev24-3.21.2
- (no CPE)range: < 13.0.10~dev20-3.24.2
- (no CPE)range: < 7.0.2~dev2-3.21.2
- (no CPE)range: < 17.0.1~dev30-3.19.2
- (no CPE)range: < 11.0.4~dev4-3.21.2
- (no CPE)range: < 14.1.1~dev7-4.23.2
- (no CPE)range: < 11.1.5~dev16-4.19.2
- (no CPE)range: < 14.2.1~dev4-3.21.2
- (no CPE)range: < 7.2.1~dev1-4.21.2
- (no CPE)range: < 7.4.2~dev57-3.25.2
- (no CPE)range: < 1.8.2~dev3-3.21.2
- (no CPE)range: < 2.7.1~dev10-3.19.2
- (no CPE)range: < 13.0.8~dev135-6.23.2
- (no CPE)range: < 18.3.1~dev77-3.23.2
- (no CPE)range: < 3.2.3~dev7-4.21.2
- (no CPE)range: < 9.0.2~dev15-3.21.2
- (no CPE)range: < 2.19.2~dev48-2.16.2
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-2rmp-fw5r-j5qvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-20933ghsaADVISORY
- www.debian.org/security/2021/dsa-4823ghsavendor-advisoryx_refsource_DEBIANWEB
- github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0ghsax_refsource_MISCWEB
- github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6ghsax_refsource_MISCWEB
- github.com/influxdata/influxdb/issues/12927ghsax_refsource_MISCWEB
- github.com/ticarpi/jwt_tool/blob/a6ca3e0524a204b5add070bc6874cb4e7e5a9864/jwt_tool.pyghsaWEB
- lists.debian.org/debian-lts-announce/2020/12/msg00030.htmlghsamailing-listx_refsource_MLISTWEB
- pkg.go.dev/github.com/influxdata/influxdb/services/httpdghsaPACKAGE
News mentions
0No linked articles in our index yet.