Debian: DSA-4823-1: influxdb security update
Debian: DSA-4823-1: influxdb security update
It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4823-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff January 01, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : influxdb CVE ID : CVE-2019-20933 It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass. For the stable distribution (buster), this problem has been fixed in version 1.6.4-1+deb10u1. We recommend that you upgrade your influxdb packages. For the detailed security status of influxdb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/influxdb Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.