CVE-2024-30896 Information

Description

InfluxDB through 2.7.10 allows allAccess administrators to retrieve all raw tokens via an \influx auth ls\ command. NOTE: the supplier indicates that this is intentional but is a \poor design choice\ that will be changed in a future release.

Reference

https://github.com/influxdata/influxdb/issues/24797 https://github.com/XenoM0rph97/CVE-2024-30896