Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oNDc1LTd2M2MtMjZxN84AAzEg
Command injection in OpenTSDB
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.
Permalink: https://github.com/advisories/GHSA-h475-7v3c-26q7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNDc1LTd2M2MtMjZxN84AAzEg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: 6 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-h475-7v3c-26q7, CVE-2023-25826
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-25826
- https://github.com/OpenTSDB/opentsdb/pull/2275
- https://www.synopsys.com/blogs/software-security/opentsdb/
- http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html
- https://github.com/advisories/GHSA-h475-7v3c-26q7
Blast Radius: 22.0
Affected Packages
maven:net.opentsdb:opentsdb
Dependent packages: 4Dependent repositories: 175
Downloads:
Affected Version Ranges: <= 2.4.1
No known fixed version
All affected versions: 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1