CVE-2024-30896
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-30896 is a vulnerability affecting InfluxDB Open Source Edition 2.x through 2.7.11, where the administrative operator token is stored in the default organization. Authorized users with read access to the authorization resource of the default organization can retrieve the operator token, posing a security risk. Notably, InfluxDB 1.x, Enterprise, Cloud, Cloud Dedicated, and Clustered versions are not vulnerable. The supplier acknowledges the issue but maintains that users have the option to add users to non-default organizations. A planned future release of InfluxDB 2.x will eliminate the API functionality that enables token retrieval.
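An audit for the exposure described above, as an added example that is not InfluxData's code: it lists the non-operator authorizations that can read the authorization resource of the default organization. The record layout (`permissions`, `action`, `resource.type`, `resource.orgID`, `status`) is assumed to match the authorization objects returned by the InfluxDB 2.x `/api/v2/authorizations` endpoint, a permission without `orgID` is assumed to apply to every organization, and all IDs and user names are constructed.

```python
# Constructed sample shaped like the "authorizations" array from
# GET /api/v2/authorizations on InfluxDB 2.x (token values left out).
def perm(action, rtype, org_id=None):
    res = {"type": rtype}
    if org_id:
        res["orgID"] = org_id
    return {"action": action, "resource": res}

SAMPLE = [
    {"id": "a1", "user": "admin", "status": "active",  # stands in for the operator token
     "permissions": [perm("read", "authorizations"), perm("write", "authorizations")]},
    {"id": "a2", "user": "analyst", "status": "active",
     "permissions": [perm("read", "authorizations", "org-default"),
                     perm("read", "buckets", "org-default")]},
    {"id": "a3", "user": "grafana", "status": "active",
     "permissions": [perm("read", "buckets", "org-default")]},
    {"id": "a4", "user": "team-dev", "status": "active",
     "permissions": [perm("read", "authorizations", "org-team")]},
    {"id": "a5", "user": "old-svc", "status": "inactive",
     "permissions": [perm("read", "authorizations", "org-default")]},
]

def can_read_authorizations(auth, org_id):
    """True if an active authorization may read authorization resources in org_id."""
    if auth.get("status") != "active":
        return False
    for p in auth.get("permissions", []):
        res = p.get("resource", {})
        if p.get("action") != "read" or res.get("type") != "authorizations":
            continue
        # Assumption: a permission with no orgID is not limited to one organization.
        if res.get("orgID") in (None, org_id):
            return True
    return False

def audit(auths, default_org_id, operator_auth_id):
    """Return (id, user) for each non-operator authorization that could read
    the authorization resource of the default organization."""
    return [(a["id"], a.get("user", "")) for a in auths
            if a["id"] != operator_auth_id
            and can_read_authorizations(a, default_org_id)]

if __name__ == "__main__":
    for auth_id, user in audit(SAMPLE, "org-default", "a1"):
        print(f"review: authorization {auth_id} (user {user}) "
              "can read default-org authorizations")
```

Authorizations flagged this way belong to users who would be better placed in a non-default organization, the option the supplier points to.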
Affected Products
- InfluxData InfluxDB
Affected Vendors
- InfluxData