What is CVE-2020-35476?

CVE-2020-35476 is a vulnerability in N/a. Published 2020-12-16.

Is CVE-2020-35476 known to be exploited?

34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shel…

EPSS: 0.943 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

glowbase/CVE-2020-35476
rapid7/metasploit-framework
0ps/pocassistdb
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Addy-shetty/Laazy_
EdgeSecurityTeam/Vulnerability
Elsfa7-110/kenzer-templates

References

github.com/OpenTSDB/opentsdb/issues/2051
packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html

Frequently asked questions

What is CVE-2020-35476?: CVE-2020-35476 is a vulnerability in N/a. Published 2020-12-16.
Is CVE-2020-35476 known to be exploited?: 34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.