OpenTSDB 2.4.0 Command Injection
This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution
as the root user. The module first attempts to obtain the OpenTSDB version
via the api. If the version is 2.4.0 or lower, the module performs
additional checks to obtain the configured metrics and aggregators. It
then randomly selects one metric and one aggregator and uses those to
instruct the target server to plot a graph. As part of this request, the
yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully
tested against OpenTSDB version 2.3.0.
https://packetstormsecurity.com/files/170331/opentsdb_yrange_cmd_injection.rb.t xt
Fri, 23 Dec 2022 14:46:27 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com