Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opentsdb Subscribe
Filtered by product Opentsdb
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35476 1 Opentsdb 1 Opentsdb 2023-03-03 7.5 HIGH 9.8 CRITICAL
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)
CVE-2018-12972 1 Opentsdb 1 Opentsdb 2019-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.
CVE-2018-12973 1 Opentsdb 1 Opentsdb 2018-08-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.
CVE-2018-13003 1 Opentsdb 1 Opentsdb 2018-08-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.