InfluxDB
aka tsdb
Time-series database with an HTTP API on 8086. CVE-2019-20933 is an authentication bypass — a forged JWT (empty shared secret) grants full unauthenticated access to every database.
Ports
| Port | Proto | Notes |
|---|---|---|
| 8086 | tcp | InfluxDB HTTP API |
Fingerprint
- GET /ping returns 204 + X-Influxdb-Version header
- /query and /write endpoints respond
Known CVEs
| CVE | Impact |
|---|---|
| CVE-2019-20933 | Auth bypass via JWT signed with an empty shared secret |
Exploitation primitives
- Grab the version from the X-Influxdb-Version header
- CVE-2019-20933: if auth is enabled but the shared secret is empty, forge a JWT for any user
- Query every database (SHOW DATABASES → SELECT) — metrics often leak creds/hosts
Overview
InfluxDB on 8086 is a time-series store fronted entirely by HTTP. The 2019 auth-bypass turns an “authenticated” instance into a wide-open one.
Enumeration
Version (header) + reachability:
curl -i http://<TARGET>:8086/ping
Unauthenticated query attempt:
curl -G "http://<TARGET>:8086/query" --data-urlencode "q=SHOW DATABASES"
Auth bypass (CVE-2019-20933)
python3 __main__.py
(Enter the target host/port and a username such as admin; the tool forges a JWT and drops you into an interactive query shell.)
List and read data:
SHOW DATABASES
USE <db>
SELECT * FROM <measurement> LIMIT 10
Hardening
Set a non-empty shared-secret, require authentication, and upgrade past 1.7.6.
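A configuration audit for the three hardening points above, added here as an example and not taken from the page or from the InfluxDB project. It assumes the InfluxDB 1.x `influxdb.conf` layout with `auth-enabled` and `shared-secret` under `[http]`; the function names and both sample configs are constructed, and the version check follows this page's "past 1.7.6" guidance.

```python
import re

# Assumption: values InfluxDB 1.x uses when a key is absent or commented out.
HTTP_DEFAULTS = {"auth-enabled": "false", "shared-secret": ""}
PAGE_MIN_VERSION = (1, 7, 6)  # the page says to upgrade past this release

# Constructed sample configs: auth on but no secret, and the corrected form.
WEAK_CONF = '[http]\n  auth-enabled = true\n  # shared-secret = ""\n'
HARDENED_CONF = '[http]\n  auth-enabled = true\n  shared-secret = "<constructed-long-random-value>"\n'


def parse_http_section(conf_text):
    """Return the effective [http] settings from influxdb.conf text."""
    settings, section = dict(HTTP_DEFAULTS), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out key: the default stays in force
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if section == "http" and "=" in line:
            key, value = line.split("=", 1)
            m = re.match(r'\s*(?:"([^"]*)"|([^#\s]*))', value)  # quoted or bare value
            settings[key.strip()] = m.group(1) if m.group(1) is not None else m.group(2)
    return settings


def audit(conf_text, version):
    """List hardening gaps for one instance; an empty list means none found."""
    http = parse_http_section(conf_text)
    findings = []
    if http["auth-enabled"].lower() != "true":
        findings.append("auth-enabled is not true: the HTTP API answers without credentials")
    if not http["shared-secret"]:
        findings.append("shared-secret is empty: the CVE-2019-20933 precondition")
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    if parts <= PAGE_MIN_VERSION:
        findings.append(f"version {version} is not past 1.7.6")
    return findings


if __name__ == "__main__":
    for name, conf, ver in (("weak", WEAK_CONF, "1.7.5"), ("hardened", HARDENED_CONF, "1.8.10")):
        print(name, audit(conf, ver) or "no findings")
```

Feed `audit` the contents of the deployed config file and the value of the `X-Influxdb-Version` header returned by `/ping`.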