mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
1.7 KiB
1.7 KiB
CVE-2019-20933
Description
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
POC
Reference
No PoCs from references.
Github
- https://github.com/0xaniketB/HackTheBox-Devzat
- https://github.com/0xsyr0/OSCP
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/DolphFlynn/jwt-editor
- https://github.com/Hydragyrum/CVE-2019-20933
- https://github.com/Live-Hack-CVE/CVE-2019-20933
- https://github.com/LorenzoTullini/InfluxDB-Exploit-CVE-2019-20933
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/StarCrossPortal/scalpel
- https://github.com/The-Cracker-Technology/jwt_tool
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/anonymous364872/Rapier_Tool
- https://github.com/apif-review/APIF_tool_2024
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/crpytoscooby/resourses_web
- https://github.com/mishmashclone/ticarpi-jwt_tool
- https://github.com/puckiestyle/jwt_tool
- https://github.com/tarihub/offlinepost
- https://github.com/tarimoe/offlinepost
- https://github.com/ticarpi/jwt_tool
- https://github.com/youcans896768/APIV_Tool
- https://github.com/zhangziyang301/jwt_tool