debian · CVE-2022-36640

Quick triage

Priority: unimportant Published: Updated: Tue, 07 Jul 2026 02:04:12 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-36640 unimportant priority: Debian including 1 source packages (influxdb), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 5.

Description:

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."

cvelogic Threat Intelligence