CyRC Vulnerability Advisory: CVE-2023-25826 and CVE-2023-25827 in OpenTSDB
Synopsys Cybersecurity Research Center discovers new RCE vulnerability and cross-site scripting vulnerability in OpenTSDB.
Overview
The Synopsys Cybersecurity Research Center (CyRC) has discovered a remote command execution vulnerability (CVE-2023-25826), and a reflected cross-site scripting (XSS) vulnerability (CVE-2023-25827) in OpenTSDB. OpenTSDB is a distributed time series database (TSDB) working over Apache HBase that is designed for managing, querying, and displaying time-based metrics at a large scale.
*** This is a Security Bloggers Network syndicated blog from Application Security Blog authored by Jamie Harris. Read the original post at: https://www.synopsys.com/blogs/software-security/opentsdb/