CVE-2023-36812

CVSS V2 None CVSS V3 None
Description
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.
Overview
  • CVE ID
  • CVE-2023-36812
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-06-30T22:58:33.603Z
  • Last Modified Date
  • 2023-06-30T22:58:33.603Z
History
Created Old Value New Value Data Type Notes
2024-06-25 17:02:15 Added to TrackCVE