CVE-2023-25827 – net.opentsdb:opentsdb
Package
Manager: maven
Name: net.opentsdb:opentsdb
Vulnerable Version: >=0 <=2.4.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00226 (percentile 0.45223)
Details
Cross Site Scripting in OpenTSDB
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.
Metadata
Created: 2023-05-03T21:30:18Z
Modified: 2023-05-11T14:05:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-9chv-3w6c-jq9w/GHSA-9chv-3w6c-jq9w.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9chv-3w6c-jq9w
Finding: F008
Auto approve: 1