6 matches found
OpenTSDB 2.4.1 unauthenticated command injection
This module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 CVE-2023-36812/CVE-2023-25826 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...
Exploit for OS Command Injection in Opentsdb
opentsdbkeycmdinjection An exploit for OpenTSDB -l -p -...
io.kamon:kamon-opentsdb_2.10 (=0.6.7), io.kamon:kamon-opentsdb_2.11 (=0.6.7) +2 more potentially affected by CVE-2023-25826 via net.opentsdb:opentsdb (>=2.3.0 <=2.4.0)
net.opentsdb:opentsdb MAVEN version =2.3.0, =2.3.2, =2.4.0 Source cves: CVE-2023-25826 Source advisory: OSV:GHSA-H475-7V3C-26Q7...
CVE-2023-25826 Remote Code Execution in OpenTSDB
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...
CVE-2023-25826
CVE-2023-25826 affects OpenTSDB via unauthenticated command injection in the HTTP query path (legacy API). The issue stems from insufficient validation of parameters (notably in the query API), allowing crafted commands to bypass regex filters and execute on the host. Public writeups and exploits...
CVE-2023-25826 Remote Code Execution in OpenTSDB
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...