
CVE-2023-36812

Published: 30/06/2023 Updated: 08/09/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution because it writes user-controlled input to a Gnuplot configuration file and then runs Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.

Vulnerable Product

opentsdb opentsdb

Exploits

This Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.1 or lower, the module performs additional checks to ...
This module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 (CVE-2023-36812/CVE-2023-25826) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If ...

Metasploit Modules

OpenTSDB 2.4.1 unauthenticated command injection

This module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 (CVE-2023-36812/CVE-2023-25826) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.1 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the key parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.4.1.

msf > use exploit/linux/http/opentsdb_key_cmd_injection
msf exploit(opentsdb_key_cmd_injection) > show targets
    ...targets...
msf exploit(opentsdb_key_cmd_injection) > set TARGET <target-id>
msf exploit(opentsdb_key_cmd_injection) > show options
    ...show and set options...
msf exploit(opentsdb_key_cmd_injection) > exploit

Github Repositories

An exploit for OpenTSDB <= 2.4.1 cmd injection (CVE-2023-36812/CVE-2023-25826) written in Fortran

opentsdb_key_cmd_injection: An exploit for OpenTSDB <= 2.4.1 cmd injection (CVE-2023-36812/CVE-2023-25826) written in Fortran. About: This is an exploit for a command injection vulnerability in OpenTSDB versions 2.4.1 and prior (CVE-2023-36812/CVE-2023-25826). The exploit is written in modern Fortran and leverages the official Fortran http-client library that was created ear