OpenTSDB 2.4.1 Remote Code Execution #2261
Comments
|
Is this a different issue than the one addressed here? |
|
@johann8384 thanks for the quick response. The issue referenced in ticket #2127 was valid for OpenTSDB 2.4.0; we found a bypass for the restrictions posed by the fix suggested in the ticket, so the remote code execution is operational for version 2.4.1. |
|
Hi Gal and Daniel, you can ping me at ***@***.*** and I'll take a
look, thanks.
…On Wed, Dec 14, 2022 at 12:00 AM Daniel Abeles ***@***.***> wrote:
@johann8384 <https://github.com/johann8384> thanks for the quick
response. The issue referenced in ticket #2127
<#2127> was valid for OpenTSDB
2.4.0; we found a bypass for the restrictions posed by the fix suggested in
the ticket, so the remote code execution is operational for version 2.4.1.
—
Reply to this email directly, view it on GitHub
<#2261 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAKQLJDW7E74M2K3NIQIKHLWNF5AXANCNFSM6AAAAAAS37SFLI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
--
Sincerely,
Chris Larsen
|
|
Hi @manolama, we can't seem to see the email address for some reason. |
|
Hmm, thank you Github. @oxeye-daniel you can pull my netflix email from the git commit logs on the 3.0 branch. That one or the euphoria audio email. |
|
Hi @manolama , any updates? |
|
Hi @manolama, are there any updates? |
|
Hi @johann8384 @manolama, is there any update? It's been three months already. |
|
你的邮件我已收到,会及时回复你的,谢谢啦啦。。。。吴琼
|
|
@johann8384 @manolama @deamerfire @Dieken any updates? |
|
I haven't really been using or working on this project for four or five
years.
…On Sun, Apr 9, 2023, 5:30 AM Daniel Abeles ***@***.***> wrote:
@johann8384 <https://github.com/johann8384> @manolama
<https://github.com/manolama> @deamerfire <https://github.com/deamerfire>
@Dieken <https://github.com/Dieken> any updates?
—
Reply to this email directly, view it on GitHub
<#2261 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABFYMIZOCTVMFKVWV6773TXAJ6SBANCNFSM6AAAAAAS37SFLI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Regular expressions wouldn't catch the newlines or possibly other control characters. Now we'll use the TAG validation code to make sure the inputs are only plain ASCII printables first. Fixes CVE-2018-12972, CVE-2020-35476
Regular expressions wouldn't catch the newlines or possibly other control characters. Now we'll use the TAG validation code to make sure the inputs are only plain ASCII printables first. Fixes CVE-2018-12972, CVE-2020-35476
|
Hi @manolama, thanks for referencing those commits; how can you assist in opening the security advisory? |
|
Hi @manolama; how can you assist in opening the security advisory? |
|
你的邮件我已收到,会及时回复你的,谢谢啦啦。。。。吴琼
|
|
Hi @deamerfire @johann8384 @manolama @Dieken , |
|
Not maintainer of OpenTSDB. I guess @manolama got your message, just don't know how to open "Github security advisory", maybe you could describe the steps. |
|
Hi @Dieken, thanks for the response! We would definitely appreciate your support here since @manolama seems to be quite unresponsive lately. Here is a guide on how to create those advisories, and thanks again :) https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory |
|
@oxeye-daniel Sorry for the wait, got it up at GHSA-76f7-9v52-v2fw. Do you have Gal's Github handle to link to? Thanks. |
|
Thanks Chris,
Mine is oxeye-daniel and Gals is oxeye-gal.
Please add us as collaborators so we can fill in.
On Wed, Jun 14, 2023 at 06:41 Chris Larsen ***@***.***> wrote:
@oxeye-daniel <https://github.com/oxeye-daniel> Sorry for the wait, got
it up at
https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw.
Do you have Gal's Github handle to link to? Thanks.
—
Reply to this email directly, view it on GitHub
<#2261 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AUXB6ZUJ7N3BNUKU4V2WPR3XLEXHJANCNFSM6AAAAAAS37SFLI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
*Daniel Abeles*
*Head of Research, Oxeye*
***@***.***
|
|
Done, feel free to edit please. |
|
Thanks a lot! We have edited the relevant information. Could you request a CVE now? Thanks |
|
Done, thanks. |
|
The GitHub security team has requested changes to the advisory on how it differed from a previous CVE. I edited the page, @manolama may I ask you to re-request a CVE? |
|
GHSA-76f7-9v52-v2fw published. |
During our research at Oxeye Security, we found that OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration.
As we don't want to publish zero days on the web without first contacting you, please provide us with a secure email address so we can communicate the description, reproduction steps, and more.
This vulnerability was discovered by Gal Goldshtein and Daniel Abeles.
The text was updated successfully, but these errors were encountered: