Vulnerability Details : CVE-2023-36812
Public exploit exists!
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2023-36812
1.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2023-36812
-
OpenTSDB 2.4.1 unauthenticated command injection
Disclosure Date: 2023-07-01First seen: 2023-09-11exploit/linux/http/opentsdb_key_cmd_injectionThis module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 (CVE-2023-36812/CVE-2023-25826) in order to achieve unauthenticated remote code execution as the root user. The module first atte
CVSS scores for CVE-2023-36812
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2023-36812
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-36812
-
http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html
OpenTSDB 2.4.1 Unauthenticated Command Injection ≈ Packet Storm
-
https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9
Improved fix for #2261. · OpenTSDB/opentsdb@07c4641 · GitHubPatch
-
https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw
Remote Code Execution for 2.4.1 and earlier · Advisory · OpenTSDB/opentsdb · GitHubPatch
-
https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba
Fix for #2269 and #2267 XSS vulnerability. · OpenTSDB/opentsdb@fa88d3e · GitHubPatch
Products affected by CVE-2023-36812
- cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:*