Lucene search
K

6 matches found

Metasploit
Metasploit
added 2023/09/08 7:52 p.m.360 views

OpenTSDB 2.4.1 unauthenticated command injection

This module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 CVE-2023-36812/CVE-2023-25826 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...

9.8CVSS8.8AI score0.35604EPSS
Exploits4
GithubExploit
GithubExploit
added 2023/09/07 1:47 p.m.432 views

Exploit for OS Command Injection in Opentsdb

opentsdbkeycmdinjection An exploit for OpenTSDB -l -p -...

9.8CVSS9.6AI score0.8533EPSS
Exploits8
vulnersOsv
vulnersOsv
added 2023/05/03 9:30 p.m.6 views

io.kamon:kamon-opentsdb_2.10 (=0.6.7), io.kamon:kamon-opentsdb_2.11 (=0.6.7) +2 more potentially affected by CVE-2023-25826 via net.opentsdb:opentsdb (>=2.3.0 <=2.4.0)

net.opentsdb:opentsdb MAVEN version =2.3.0, =2.3.2, =2.4.0 Source cves: CVE-2023-25826 Source advisory: OSV:GHSA-H475-7V3C-26Q7...

9.8CVSS7.2AI score0.35604EPSS
Exploits4
Cvelist
Cvelist
added 2023/05/03 6:33 p.m.61 views

CVE-2023-25826 Remote Code Execution in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS9.9AI score0.35604EPSS
Exploits4References3
CVE
CVE
added 2023/05/03 6:33 p.m.115 views

CVE-2023-25826

CVE-2023-25826 affects OpenTSDB via unauthenticated command injection in the HTTP query path (legacy API). The issue stems from insufficient validation of parameters (notably in the query API), allowing crafted commands to bypass regex filters and execute on the host. Public writeups and exploits...

9.8CVSS9.6AI score0.35604EPSS
Exploits4References3Affected Software1
OSV
OSV
added 2023/05/03 6:33 p.m.19 views

CVE-2023-25826 Remote Code Execution in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS7.4AI score0.35604EPSS
Exploits4References6
Rows per page
Query Builder