9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-25826

GHSA ID

GHSA-h475-7v3c-26q7

EPSS Score

0.9926%

CWE

CWE-78

Published

5/3/2023

Updated

2/13/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-25826

CVE-2023-25826: Command injection in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-25826

GHSA ID

GHSA-h475-7v3c-26q7

EPSS Score

0.9926%

CWE

CWE-78

Published

5/3/2023

Updated

2/13/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
net.opentsdb:opentsdb	maven	<= 2.4.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper parameter validation in the legacy query API handler (CWE-78). The Synopsys advisory and GitHub PR #2275 indicate: 1) Parameters like 'key'/'style'/'smooth' were passed to system commands, 2) The original regex validation failed to block newlines/control characters, 3) The fix involved replacing regex with strict TAG validation. These functions are core to query parameter processing and command execution flow. The PR's commit message explicitly references command injection via these parameters and the need to replace regex with TAG validation logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*u* to insu**i*i*nt v*li**tion o* p*r*m*t*rs p*ss** to t** l****y *TTP qu*ry *PI, it is possi*l* to inj**t *r**t** OS *omm*n*s into multipl* p*r*m*t*rs *n* *x**ut* m*li*ious *o** on t** Op*nTS** *ost syst*m. T*is *xploit *xists *u* to *n in*ompl*t* *

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*r*m*t*r v*li**tion in t** l****y qu*ry *PI **n*l*r (*W*-**). T** Synopsys **visory *n* *it*u* PR #**** in*i**t*: *) P*r*m*t*rs lik* 'k*y'/'styl*'/'smoot*' w*r* p*ss** to syst*m *omm*n*s, *) T** ori*in*l `r***x`

9.8

Basic Information

Concerned about an active attack path?

CVE-2023-25826: Command injection in OpenTSDB

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI