CVE-2019-20933 (https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0): InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). Maintainer, please clean up affected versions. Thanks!
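Added example, not part of the original report and not InfluxDB's code: a standard-library HS256 signature check that refuses to run when the configured shared secret is empty, which is the condition the CVE description names. The function names, error values and sample tokens are assumptions constructed for illustration; the check covers the signature only, not the header's alg field or any claims.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrNoSecret = errors.New("bearer auth refused: shared secret is empty")
	ErrBadToken = errors.New("invalid token")
)

// mac returns the base64url HMAC-SHA256 of the JWT signing input.
func mac(signingInput, secret string) string {
	h := hmac.New(sha256.New, []byte(secret))
	h.Write([]byte(signingInput))
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// signHS256 builds a token; used here only to construct sample input.
func signHS256(payloadJSON, secret string) string {
	enc := base64.RawURLEncoding.EncodeToString
	in := enc([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc([]byte(payloadJSON))
	return in + "." + mac(in, secret)
}

// verifyHS256 checks the signature only (hypothetical helper).
func verifyHS256(token, secret string) error {
	if secret == "" { // an empty key is known to everyone, so never verify with it
		return ErrNoSecret
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return ErrBadToken
	}
	want := mac(parts[0]+"."+parts[1], secret)
	if !hmac.Equal([]byte(want), []byte(parts[2])) { // constant-time compare
		return ErrBadToken
	}
	return nil
}

func main() {
	tok := signHS256(`{"username":"demo"}`, "") // constructed sample token
	fmt.Println(verifyHS256(tok, ""))
	fmt.Println(verifyHS256(signHS256(`{"username":"demo"}`, "k3y"), "k3y"))
}
```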
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6504a9bd8d9d9898d388213ef6d45ef472828a5e

commit 6504a9bd8d9d9898d388213ef6d45ef472828a5e
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-24 05:49:51 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-24 06:21:24 +0000

    dev-db/influxdb: drop 1.5.1, 1.6.3, 1.6.4

    Bug: https://bugs.gentoo.org/760842
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-db/influxdb/Manifest | 85 ---------------------------
 dev-db/influxdb/influxdb-1.5.1.ebuild | 102 --------------------------------
 dev-db/influxdb/influxdb-1.6.3.ebuild | 102 --------------------------------
 dev-db/influxdb/influxdb-1.6.4.ebuild | 107 ----------------------------------
 4 files changed, 396 deletions(-)
Tree clean, all done!