CVE-2019-20933

Tags: Critical · Exploited · Nuclei

InfluxDB < 1.7.6 - Authentication Bypass via Empty JWT SharedSecret


Exploitation Summary

CVE-2019-20933 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including LorenzoTullini, Hydragyrum and Dungsocool. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2019-20933, an authentication bypass vulnerability in InfluxDB before 1.7.6. The exploit generates a JWT token with an empty SharedSecret and uses it to bypass authentication, allowing unauthorized access to the database.

Description

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

Exploits (3)

Source: nomisec · Working PoC · 42 stars
By LorenzoTullini · remote
https://github.com/LorenzoTullini/InfluxDB-Exploit-CVE-2019-20933

This repository contains a functional exploit for CVE-2019-20933, an authentication bypass vulnerability in InfluxDB before 1.7.6. The exploit generates a JWT token with an empty SharedSecret and uses it to bypass authentication, allowing unauthorized access to the database.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: InfluxDB before 1.7.6
Authentication: none needed
Prerequisites: Network access to the target InfluxDB instance · InfluxDB version before 1.7.6
Analyzed by devstral-2 on Feb 18, 2026

Source: nomisec · Working PoC · 2 stars
By Hydragyrum · remote
https://github.com/Hydragyrum/CVE-2019-20933

This repository contains a functional Python exploit for CVE-2019-20933, an authentication bypass vulnerability in InfluxDB before 1.7.6. The exploit generates a JWT token with an empty SharedSecret and uses it to execute arbitrary queries against the InfluxDB API.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: InfluxDB before 1.7.6
Authentication: none needed
Prerequisites: Network access to the InfluxDB HTTP API (default port 8086)
Analyzed by devstral-2 on Feb 18, 2026

Source: nomisec · Working PoC
By Dungsocool · poc
https://github.com/Dungsocool/CVE-2019-20933

This repository contains a functional Python exploit for CVE-2019-20933, which targets an authentication bypass vulnerability in InfluxDB. The exploit generates a forged JWT token with an empty secret key to bypass authentication and execute arbitrary queries.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: InfluxDB (versions affected by CVE-2019-20933)
Authentication: none needed
Prerequisites: Network access to the target InfluxDB instance
Analyzed by devstral-2 on May 29, 2026

Nuclei Templates (1)

InfluxDB <1.7.6 - Authentication Bypass
Critical · Verified · by pussycat0x, c-sh0
Shodan: InfluxDB || http.title:"influxdb - admin interface" || influxdb
FOFA: title="influxdb - admin interface"

References (5)

Core references:
- Issue Tracking, Third Party Advisory (x_refsource_misc): https://github.com/influxdata/influxdb/issues/12927
- Patch, Third Party Advisory (x_refsource_misc): https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6
- Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist): https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html
- Third Party Advisory (vendor-advisory, x_refsource_debian): https://www.debian.org/security/2021/dsa-4823

Scores

CVSS v3: 9.8
EPSS: 0.9375
EPSS Percentile: 99.9%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2023-11-29
CWE: CWE-287
Status: published
Products (4):
- debian/debian_linux 9.0
- debian/debian_linux 10.0
- influxdata/influxdb < 1.7.6
- influxdata/influxdb 0 - 1.7.6 (Go)
Published: Nov 19, 2020
Tracked Since: Feb 18, 2026