11 matches found
The vulnerability of the `mygnuplot.sh` implementation in the distributed database of time series data in OpenTSDB allows an attacker to execute arbitrary code.
The vulnerability of the mygnuplot.sh implementation in the distributed OpenTSDB time series database is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the yrange parameter. Exploiting this vulnerability allows a remot...
GHSA-CX2V-JRJC-G54W OpenTSDB vulnerable to OS Command Injection
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...
GHSA-HV53-Q76C-7F8C OS Command Injection in OpenTSDB
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
OpenTSDB Command Injection Vulnerability
OpenTSDB is a distributed, scalable time series database (TSDB) based on HBase. A command execution vulnerability exists in OpenTSDB 2.4.0 and earlier versions. An attacker can exploit this vulnerability to achieve remote code execution via the yrange parameter injection command...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
Remote code execution
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
OpenTSDB Operating System Command Injection Vulnerability
OpenTSDB is a distributed, scalable time series database (TSDB) based on HBase. A command execution vulnerability exists in OpenTSDB 2.4.0 and earlier versions. An attacker can exploit this vulnerability to achieve remote code execution via the yrange parameter injection command...
PT-2020-6865 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.1 Description: A remote code execution issue occurs due to command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory, which is then executed via the...
OpenTSDB Remote Command Execution Vulnerability
OpenTSDB is an open source, scalable, distributed time series database. A remote command execution vulnerability exists in OpenTSDB version 2.3.0. An attacker can exploit this vulnerability by sending multiple parameters (e.g., o, key, style, yrange, or y2range) to the /q URI to execute comman...