Lucene search
GoogleOSV:GHSA-HV53-Q76C-7F8CHistoryAug 02, 2021 - 5:02 p.m.
OS Command Injection in OpenTSDB
2021-08-0217:02:21
Google
osv.dev
23
0.962 High
EPSS
Percentile
99.5%
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)
Related
packetstorm
packetstorm
OpenTSDB 2.4.0 Command Injection
2022-12-23 00:00:00
checkpoint_advisories
checkpoint_advisories
StumbleUpon OpenTSDB Remote Code Execution (CVE-2020-35476)
2021-02-10 00:00:00
nuclei
nuclei
OpenTSDB <=2.4.0 - Remote Code Execution
2021-01-31 17:35:32
osv
osv
CVE-2020-35476
2020-12-16 08:15:13
Command injection in OpenTSDB
2023-05-03 21:30:18
CVE-2023-25826
2023-05-03 19:15:08
zdt
zdt
OpenTSDB 2.4.0 Command Injection Exploit
2022-12-24 00:00:00
nvd
nvd
CVE-2020-35476
2020-12-16 08:15:13
CVE-2023-25826
2023-05-03 19:15:08
cvelist
cvelist
CVE-2020-35476
2020-12-16 00:00:00
CVE-2023-25826 Remote Code Execution in OpenTSDB
2023-05-03 18:33:59
cve
cve
CVE-2020-35476
2020-12-16 08:15:13
CVE-2023-25826
2023-05-03 19:15:08
prion
prion
Remote code execution
2020-12-16 08:15:00
Input validation
2023-05-03 19:15:00
metasploit
metasploit
OpenTSDB 2.4.0 unauthenticated command injection
2022-11-24 19:37:24
github
github
OS Command Injection in OpenTSDB
2021-08-02 17:02:21
Command injection in OpenTSDB
2023-05-03 21:30:18
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-01-06 21:32:44