172 matches found
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
Remote code execution
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
OpenTSDB 操作系统命令注入漏洞
OpenTSDB is a distributed, scalable time series database TSDB based on Hbase. A command execution vulnerability exists in OpenTSDB 2.4.0 and earlier versions. An attacker can exploit this vulnerability to achieve remote code execution via the yrange parameter injection command...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
CVE-2020-35476
OpenTSDB 2.4.0 and earlier is vulnerable to remote code execution via the yrange parameter, which writes a gnuplot file to /tmp and invokes it through mygnuplot.sh. The underlying issue is command injection not fully mitigated by tsd/GraphHandler.java, enabling an attacker to execute arbitrary co...
PT-2020-6865 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.1 Description: A remote code execution issue occurs due to command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory, which is then executed via the...
Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Moderate: grafana security, bug fix, and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 6.7.4. BZ1807323 Security Fixes: grafana: XSS vulnerability via a column style on the "Dashboard Table Panel...
grafana: XSS via the OpenTSDB datasource
A flaw was found in grafana Tag value XSS via the OpenTSDB datasource are possible. The highest threat from this vulnerability is to data confidentiality and integrity...
Fedora: Security Advisory for grafana (FEDORA-2020-e6e81a03d6)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-13430
A flaw was found in grafana Tag value XSS via the OpenTSDB datasource are possible. The highest threat from this vulnerability is to data confidentiality and integrity...
[SECURITY] Fedora 32 Update: grafana-6.7.4-1.fc32
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
[SECURITY] Fedora 31 Update: grafana-6.7.4-1.fc31
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the OpenTSDB datasource...
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...
Code injection
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...