Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opentsdb opentsdb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-36812
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been pat...
Opentsdb Opentsdb
1 Metasploit module
1 Github repository
NA
CVE-2023-25826
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vu...
Opentsdb Opentsdb
1 Metasploit module
1 Github repository
NA
CVE-2023-25827
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-...
Opentsdb Opentsdb
7.5
CVSSv2
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB up to and including 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.j...
Opentsdb Opentsdb
1 Metasploit module
2 Github repositories
4.3
CVSSv2
CVE-2020-13430
Grafana prior to 7.0.0 allows tag value XSS via the OpenTSDB datasource.
Grafana Grafana
4.3
CVSSv2
CVE-2018-13003
An issue exists in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.
Opentsdb Opentsdb 2.3.0
4.3
CVSSv2
CVE-2018-12973
An issue exists in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.
Opentsdb Opentsdb 2.3.0
7.5
CVSSv2
CVE-2018-12972
An issue exists in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.
Opentsdb Opentsdb 2.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started