CVE-2020-35476

{"id": "CVE-2020-35476", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-12-16T08:15:13.560", "references": [{"url": "http://packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/OpenTSDB/opentsdb/issues/2051", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OpenTSDB/opentsdb/issues/2051", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)"}, {"lang": "es", "value": "Se produce una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en OpenTSDB versiones hasta 2.4.0, por medio de la inyecci\u00f3n de comandos en el par\u00e1metro yrange. El valor de yrange se escribe en un archivo gnuplot en el directorio /tmp. Luego, este archivo es ejecutado por medio del script de shell mygnuplot.sh. (tsd/GraphHandler.java intent\u00f3 evitar las inyecciones de comandos al bloquear las comillas inversas, pero esto es insuficiente)"}], "lastModified": "2024-11-21T05:27:22.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACCC23AC-2A92-4A7D-81BC-0D8098AB8C0C", "versionEndIncluding": "2.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}