CVE-2023-36812 - OpenCVE

OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Opentsdb	Opentsdb

Configuration 1 [-]

cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html
https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9
https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba
https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw

History

Wed, 06 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-30T22:58:33.603Z

Updated: 2024-11-06T17:04:09.348Z

Reserved: 2023-06-27T15:43:18.383Z

Link: CVE-2023-36812

Vulnrichment

Updated: 2024-08-02T17:01:09.433Z

NVD

Status : Modified

Published: 2023-06-30T23:15:10.287

Modified: 2023-09-08T23:15:11.103

Link: CVE-2023-36812

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36812", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-27T15:43:18.383Z", "datePublished": "2023-06-30T22:58:33.603Z", "dateUpdated": "2024-11-06T17:04:09.348Z"}, "containers": {"cna": {"title": "Remote Code Execution in OpenTSDB", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba"}, {"url": "http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html"}], "affected": [{"vendor": "OpenTSDB", "product": "opentsdb", "versions": [{"version": "< 2.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-30T22:58:33.603Z"}, "descriptions": [{"lang": "en", "value": "OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`."}], "source": {"advisory": "GHSA-76f7-9v52-v2fw", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.433Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba"}, {"url": "http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "opentsdb", "product": "opentsdb", "cpes": ["cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.4.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-06T17:02:44.718044Z", "id": "CVE-2023-36812", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T17:04:09.348Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36812", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-27T15:43:18.383Z", "datePublished": "2023-06-30T22:58:33.603Z", "dateUpdated": "2024-11-06T17:04:09.348Z"}, "containers": {"cna": {"title": "Remote Code Execution in OpenTSDB", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba"}, {"url": "http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html"}], "affected": [{"vendor": "OpenTSDB", "product": "opentsdb", "versions": [{"version": "< 2.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-30T22:58:33.603Z"}, "descriptions": [{"lang": "en", "value": "OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`."}], "source": {"advisory": "GHSA-76f7-9v52-v2fw", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.433Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9"}, {"name": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba"}, {"url": "http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36812", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-06T17:02:44.718044Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:*"], "vendor": "opentsdb", "product": "opentsdb", "versions": [{"status": "affected", "version": "0", "lessThan": "2.4.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T17:03:31.879Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9965644-CFBE-43D0-9F85-5ADB7B2AF465", "versionEndExcluding": "2.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`."}], "id": "CVE-2023-36812", "lastModified": "2023-09-08T23:15:11.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-06-30T23:15:10.287", "references": [{"source": "security-advisories@github.com", "url": "http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Primary"}]}