RSS   Podatności dla 'Opentsdb'   RSS

2020-12-16
 
CVE-2020-35476

CWE-77
 

 
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)

 
2018-06-29
 
CVE-2018-13003

CWE-79
 

 
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.

 
 
CVE-2018-12973

CWE-79
 

 
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.

 
 
CVE-2018-12972

CWE-78
 

 
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.

 


Copyright 2024, cxsecurity.com

 

Back to Top