From 6f6a4795f3f3f8e60ea9e4ae67482e72303e0c01 Mon Sep 17 00:00:00 2001
From: Metasploit <metasploit@rapid7.com>
Date: Fri, 8 Sep 2023 11:06:04 -0500
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 63 +++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 8de2e46aa023..75e6d5ce53da 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -69585,6 +69585,69 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/opentsdb_key_cmd_injection": {
+    "name": "OpenTSDB 2.4.1 unauthenticated command injection",
+    "fullname": "exploit/linux/http/opentsdb_key_cmd_injection",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-07-01",
+    "type": "exploit",
+    "author": [
+      "Gal Goldstein",
+      "Daniel Abeles",
+      "Erik Wynter"
+    ],
+    "description": "This module exploits an unauthenticated command injection\n          vulnerability in the key parameter in OpenTSDB through\n          2.4.1 (CVE-2023-36812/CVE-2023-25826) in order to achieve\n          unauthenticated remote code execution as the root user.\n\n          The module first attempts to obtain the OpenTSDB version via\n          the api. If the version is 2.4.1 or lower, the module\n          performs additional checks to obtain the configured metrics\n          and aggregators. It then randomly selects one metric and one\n          aggregator and uses those to instruct the target server to\n          plot a graph. As part of this request, the key parameter is\n          set to the payload, which will then be executed by the target\n          if the latter is vulnerable.\n\n          This module has been successfully tested against OpenTSDB\n          version 2.4.1.",
+    "references": [
+      "URL-https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw",
+      "CVE-2023-36812",
+      "CVE-2023-25826"
+    ],
+    "platform": "Linux",
+    "arch": "ARCH_CMD",
+    "rport": 4242,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Linux"
+    ],
+    "mod_time": "2023-09-07 17:29:16 +0000",
+    "path": "/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/opentsdb_key_cmd_injection",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/opentsdb_yrange_cmd_injection": {
     "name": "OpenTSDB 2.4.0 unauthenticated command injection",
     "fullname": "exploit/linux/http/opentsdb_yrange_cmd_injection",