InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
This cross-site-scripting (XSS) vulnerability affects the admin GUI of InfluxDB.
Furthermore, in InfluxDB v1.2 the admin GUI was deprecated and disabled by default (thanks for the find jpadman).
OpenShift ServiceMesh vendors InfluxDB v1.2.3+ in servicesh-prometheus and is not vulnerable. Plus the vendored code, is just the client libraries for InfluxDB.
The following OpenShift containers only vendor in the InfluxDB client version, not vulnerable to the admin GUI vulnerability:
Created golang-github-influxdb-influxdb tracking bugs for this issue:
Affects: epel-6 [bug 1812330]
Affects: fedora-30 [bug 1812329]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):