Product
opentsdb
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-36812
CVE-2023-25827
CVE-2023-25826
CVE-2020-35476
CVE-2018-13003
CVE-2018-12973
CVE-2018-12972
< 2.4.2
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vuln
>= 1.0.0 and <= 2.4.1
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it
>= 1.0.0 and <= 2.4.1
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands int
<= 2.4.0
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange v
all versions
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.
all versions
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.
all versions
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange