Lucene search
K

172 matches found

NVD
NVD
added 2023/06/30 11:15 p.m.83 views

CVE-2023-36812

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

9.8CVSS9.7AI score0.16501EPSS
Exploits4References4
Prion
Prion
added 2023/06/30 11:15 p.m.30 views

Remote code execution

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

7.5CVSS9.6AI score0.16501EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2023/06/30 10:58 p.m.60 views

GHSA-76F7-9V52-V2FW Remote Code Execution for 2.4.1 and earlier

Impact OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. Patches Patched in 07c4641471c6f5c2ab5aab615969e97211eb50d9 and further refined in...

9.8CVSS9.6AI score0.16501EPSS
Exploits4References6
vulnersOsv
vulnersOsv
added 2023/06/30 10:58 p.m.5 views

io.kamon:kamon-opentsdb_2.10 (=0.6.7), io.kamon:kamon-opentsdb_2.11 (=0.6.7) +2 more potentially affected by CVE-2023-36812 via net.opentsdb:opentsdb (>=2.3.0 <=2.4.0)

net.opentsdb:opentsdb MAVEN version =2.3.0, =2.3.2, =2.4.0 Source cves: CVE-2023-36812 Source advisory: OSV:GHSA-76F7-9V52-V2FW...

9.8CVSS7.2AI score0.16501EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2023/06/30 10:58 p.m.61 views

Remote Code Execution for 2.4.1 and earlier

Impact OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. Patches Patched in 07c4641471c6f5c2ab5aab615969e97211eb50d9 and further refined in...

9.8CVSS7.5AI score0.16501EPSS
Exploits4References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/30 10:58 p.m.12 views

CVE-2023-36812 Remote Code Execution in OpenTSDB

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

9.8CVSS7.2AI score0.16501EPSS
Exploits4References4
Cvelist
Cvelist
added 2023/06/30 10:58 p.m.77 views

CVE-2023-36812 Remote Code Execution in OpenTSDB

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

9.8CVSS9.9AI score0.16501EPSS
Exploits4References4
OSV
OSV
added 2023/06/30 10:58 p.m.32 views

CVE-2023-36812 Remote Code Execution in OpenTSDB

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

9.8CVSS9.2AI score0.16501EPSS
Exploits4References6
CVE
CVE
added 2023/06/30 10:58 p.m.70 views

CVE-2023-36812

OpenTSDB (2.4.1 affected; patched in 2.4.2) has a Remote Code Execution vulnerability (CVE-2023-36812) caused by writing user-controlled input to a Gnuplot configuration file and executing Gnuplot. The issue enables unauthenticated remote code execution via crafted requests, and is evidenced by p...

9.8CVSS9.6AI score0.16501EPSS
Exploits4References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.4 views

PT-2023-25703 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.2 Description: OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to the Gnuplot configuration file and running Gnuplot with the generated configuration. The issue has been patched ...

9.8CVSS9.6AI score0.16501EPSS
Exploits4References16
Veracode
Veracode
added 2023/05/09 5:46 a.m.30 views

Command Injection

net.opentsdb:opentsdb is vulnerable to Command Injection. Insufficient validation of parameters passed to the legacy HTTP query API allows crafted OS commands to bypass validation, allowing malicious code to execute on the OpenTSDB host system...

9.8CVSS9.4AI score0.35604EPSS
Exploits4References5Affected Software1
Veracode
Veracode
added 2023/05/09 2:22 a.m.18 views

Cross-site Scripting (XSS)

opentsdb is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the insufficient validation of parameters reflected in error messages in the internalError and badRequest functions of HttpQuery.java, which allows an attacker to inject and execute malicious JavaScript through th...

8.2CVSS6AI score0.00904EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.6 views

The vulnerability of the `mygnuplot.sh` implementation in the distributed database of time series data in OpenTSDB allows a attacker to execute arbitrary code.

The vulnerability of the mygnuplot.sh implementation in the distributed OpenTSDB time series database is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the yrange parameter. Exploiting this vulnerability allows a remot...

10CVSS8.1AI score0.8533EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2023/05/03 9:30 p.m.27 views

GHSA-H475-7V3C-26Q7 Command injection in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS9.6AI score0.35604EPSS
Exploits4References5
OSV
OSV
added 2023/05/03 9:30 p.m.22 views

GHSA-9CHV-3W6C-JQ9W Cross Site Scripting in OpenTSDB

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

8.2CVSS6.1AI score0.00904EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/05/03 9:30 p.m.6 views

io.kamon:kamon-opentsdb_2.10 (=0.6.7), io.kamon:kamon-opentsdb_2.11 (=0.6.7) +2 more potentially affected by CVE-2023-25826 via net.opentsdb:opentsdb (>=2.3.0 <=2.4.0)

net.opentsdb:opentsdb MAVEN version =2.3.0, =2.3.2, =2.4.0 Source cves: CVE-2023-25826 Source advisory: OSV:GHSA-H475-7V3C-26Q7...

9.8CVSS7.2AI score0.35604EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2023/05/03 9:30 p.m.35 views

Cross Site Scripting in OpenTSDB

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

8.2CVSS5.9AI score0.00904EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/03 9:30 p.m.41 views

Command injection in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS9.6AI score0.35604EPSS
Exploits4References5Affected Software1
NVD
NVD
added 2023/05/03 7:15 p.m.33 views

CVE-2023-25827

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

8.2CVSS6.8AI score0.00904EPSS
Exploits0References2
NVD
NVD
added 2023/05/03 7:15 p.m.46 views

CVE-2023-25826

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS9.7AI score0.35604EPSS
Exploits4References3
Rows per page
Query Builder