172 matches found
CVE-2023-36812
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
Remote code execution
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
GHSA-76F7-9V52-V2FW Remote Code Execution for 2.4.1 and earlier
Impact OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. Patches Patched in 07c4641471c6f5c2ab5aab615969e97211eb50d9 and further refined in...
io.kamon:kamon-opentsdb_2.10 (=0.6.7), io.kamon:kamon-opentsdb_2.11 (=0.6.7) +2 more potentially affected by CVE-2023-36812 via net.opentsdb:opentsdb (>=2.3.0 <=2.4.0)
net.opentsdb:opentsdb MAVEN version =2.3.0, =2.3.2, =2.4.0 Source cves: CVE-2023-36812 Source advisory: OSV:GHSA-76F7-9V52-V2FW...
Remote Code Execution for 2.4.1 and earlier
Impact OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. Patches Patched in 07c4641471c6f5c2ab5aab615969e97211eb50d9 and further refined in...
CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
CVE-2023-36812
OpenTSDB (2.4.1 affected; patched in 2.4.2) has a Remote Code Execution vulnerability (CVE-2023-36812) caused by writing user-controlled input to a Gnuplot configuration file and executing Gnuplot. The issue enables unauthenticated remote code execution via crafted requests, and is evidenced by p...
PT-2023-25703 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.2 Description: OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to the Gnuplot configuration file and running Gnuplot with the generated configuration. The issue has been patched ...
Command Injection
net.opentsdb:opentsdb is vulnerable to Command Injection. Insufficient validation of parameters passed to the legacy HTTP query API allows crafted OS commands to bypass validation, allowing malicious code to execute on the OpenTSDB host system...
Cross-site Scripting (XSS)
opentsdb is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the insufficient validation of parameters reflected in error messages in the internalError and badRequest functions of HttpQuery.java, which allows an attacker to inject and execute malicious JavaScript through th...
The vulnerability of the `mygnuplot.sh` implementation in the distributed database of time series data in OpenTSDB allows a attacker to execute arbitrary code.
The vulnerability of the mygnuplot.sh implementation in the distributed OpenTSDB time series database is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the yrange parameter. Exploiting this vulnerability allows a remot...
GHSA-H475-7V3C-26Q7 Command injection in OpenTSDB
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...
GHSA-9CHV-3W6C-JQ9W Cross Site Scripting in OpenTSDB
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...
io.kamon:kamon-opentsdb_2.10 (=0.6.7), io.kamon:kamon-opentsdb_2.11 (=0.6.7) +2 more potentially affected by CVE-2023-25826 via net.opentsdb:opentsdb (>=2.3.0 <=2.4.0)
net.opentsdb:opentsdb MAVEN version =2.3.0, =2.3.2, =2.4.0 Source cves: CVE-2023-25826 Source advisory: OSV:GHSA-H475-7V3C-26Q7...
Cross Site Scripting in OpenTSDB
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...
Command injection in OpenTSDB
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...
CVE-2023-25827
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...
CVE-2023-25826
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...