How severe is CVE-2024-30896?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-30896?

This is classified as CWE-922, which is a common weakness in software security.

CVE-2024-30896 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.

Related Vulnerabilities

CVE-2022-0724

CRITICAL

CVSS:9.1(Critical)

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

CWE-9222022

CVE-2024-10943

CRITICAL

CVSS:9.1(Critical)

An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat...

CWE-9222024

CVE-2024-3501

CRITICAL

CVSS:9.1(Critical)

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/use...

CWE-9222024

CVE-2024-3502

CRITICAL

CVSS:9.1(Critical)

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This iss...

CWE-9222024

CVE-2017-7253

HIGH

CVSS:8.8(High)

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with adm...

CWE-9222017

CVE-2023-42913

HIGH

CVSS:8.8(High)

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.

CWE-9222023