Lucene search

K

Opentsdb Security Vulnerabilities

cve
cve

CVE-2023-36812

OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

9.8CVSS

9.5AI Score

0.005EPSS

2023-06-30 11:15 PM
21
cve
cve

CVE-2023-25826

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS

9.5AI Score

0.962EPSS

2023-05-03 07:15 PM
54
cve
cve

CVE-2023-25827

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

8.2CVSS

5.8AI Score

0.001EPSS

2023-05-03 07:15 PM
23
cve
cve

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent...

9.8CVSS

9.7AI Score

0.962EPSS

2020-12-16 08:15 AM
123
10
cve
cve

CVE-2018-13003

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest...

6.1CVSS

5.7AI Score

0.001EPSS

2018-06-29 02:29 PM
47
cve
cve

CVE-2018-12972

An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON...

9.8CVSS

9.4AI Score

0.002EPSS

2018-06-29 05:29 AM
43
cve
cve

CVE-2018-12973

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q...

6.1CVSS

5.9AI Score

0.001EPSS

2018-06-29 05:29 AM
46