automatic module_metadata_base.json update

rapid7 · Sep 8, 2023 · 6f6a479 · 6f6a479
1 parent 57f3b8a
commit 6f6a479
Showing 1 changed file with 63 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -69585,6 +69585,69 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/opentsdb_key_cmd_injection": {
+    "name": "OpenTSDB 2.4.1 unauthenticated command injection",
+    "fullname": "exploit/linux/http/opentsdb_key_cmd_injection",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-07-01",
+    "type": "exploit",
+    "author": [
+      "Gal Goldstein",
+      "Daniel Abeles",
+      "Erik Wynter"
+    ],
+    "description": "This module exploits an unauthenticated command injection\n          vulnerability in the key parameter in OpenTSDB through\n          2.4.1 (CVE-2023-36812/CVE-2023-25826) in order to achieve\n          unauthenticated remote code execution as the root user.\n\n          The module first attempts to obtain the OpenTSDB version via\n          the api. If the version is 2.4.1 or lower, the module\n          performs additional checks to obtain the configured metrics\n          and aggregators. It then randomly selects one metric and one\n          aggregator and uses those to instruct the target server to\n          plot a graph. As part of this request, the key parameter is\n          set to the payload, which will then be executed by the target\n          if the latter is vulnerable.\n\n          This module has been successfully tested against OpenTSDB\n          version 2.4.1.",
+    "references": [
+      "URL-https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw",
+      "CVE-2023-36812",
+      "CVE-2023-25826"
+    ],
+    "platform": "Linux",
+    "arch": "ARCH_CMD",
+    "rport": 4242,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Linux"
+    ],
+    "mod_time": "2023-09-07 17:29:16 +0000",
+    "path": "/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/opentsdb_key_cmd_injection",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/opentsdb_yrange_cmd_injection": {
     "name": "OpenTSDB 2.4.0 unauthenticated command injection",
     "fullname": "exploit/linux/http/opentsdb_yrange_cmd_injection",