OpenTSDB <=2.4.0 - Remote Code Execution

OpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

EUVD-2022-3656

Malicious code in bioql PyPI...

EUVD-2022-3129

Malicious code in bioql PyPI...

EUVD-2022-3028

Malicious code in bioql PyPI...

EUVD-2022-5110

Malicious code in bioql PyPI...

EUVD-2023-1514

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-13430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. CVE-2020-13430 Note that Nessus relies on the presence of the package as reported by the...

CVE-2023-36812

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

CVE-2023-25827

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip:...

ALSA-2024:9115 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip:...

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 dompurify:...

ALSA-2024:8678 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...

RHEL 8 : grafana (RHSA-2024:8327)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8327 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips:...

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 For more details about the security issues, including the impact, a CVSS score...

RHEL 9 : grafana (RHSA-2024:7202)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:7202 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang:...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2024:5291 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip:...