CVE-2019-20933: influxdb: authentication bypass because a JWT token may have an empty SharedSecret

Severity: Critical

CVSS Score: 9.8

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).