InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go: a JWT can pass authentication when the SharedSecret (aka shared secret) used to verify its signature is empty.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "influxdb": "1.1.1+dfsg1-4+deb9u1ubuntu1", "influxdb-client": "1.1.1+dfsg1-4+deb9u1ubuntu1", "influxdb-dbgsym": "1.1.1+dfsg1-4+deb9u1ubuntu1", "influxdb-dev": "1.1.1+dfsg1-4+deb9u1ubuntu1", "influxdb-client-dbgsym": "1.1.1+dfsg1-4+deb9u1ubuntu1", "golang-github-influxdb-influxdb-dev": "1.1.1+dfsg1-4+deb9u1ubuntu1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "influxdb": "1.6.4-1+deb10u1build0.20.04.1", "influxdb-client": "1.6.4-1+deb10u1build0.20.04.1", "influxdb-dbgsym": "1.6.4-1+deb10u1build0.20.04.1", "influxdb-client-dbgsym": "1.6.4-1+deb10u1build0.20.04.1", "golang-github-influxdb-influxdb-dev": "1.6.4-1+deb10u1build0.20.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "influxdb": "1.6.7~rc0-1", "influxdb-client": "1.6.7~rc0-1", "influxdb-dbgsym": "1.6.7~rc0-1", "influxdb-client-dbgsym": "1.6.7~rc0-1", "golang-github-influxdb-influxdb-dev": "1.6.7~rc0-1" } ] }