CVE-2023-25826
CRITICAL - OpenTSDB 1.0.0-2.4.0 - Unauthenticated OS Command Injection via Legacy HTTP Query API
Title source: llmDescription
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.
References (3)
Third Party Advisory: https://www.synopsys.com/blogs/software-security/opentsdb/
Exploit, Third Party Advisory: http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html
Scores
CVSS v3: 9.8
EPSS: 0.3560
EPSS Percentile: 98.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (2)
net.opentsdb/opentsdb (Maven)
opentsdb/opentsdb, versions 1.0.0 - 2.4.1
Published: May 03, 2023
Tracked Since: Feb 18, 2026