From a526604bb3f36b15a82e385e2e681503c215349c Mon Sep 17 00:00:00 2001
From: Metasploit <metasploit@rapid7.com>
Date: Fri, 23 Dec 2022 08:46:09 -0600
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 62 +++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 9ce1106564dd..857a53f0d7a7 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -66578,6 +66578,68 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/opentsdb_yrange_cmd_injection": {
+    "name": "OpenTSDB 2.4.0 unauthenticated command injection",
+    "fullname": "exploit/linux/http/opentsdb_yrange_cmd_injection",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2020-11-18",
+    "type": "exploit",
+    "author": [
+      "Shai rod",
+      "Erik Wynter"
+    ],
+    "description": "This module exploits an unauthenticated command injection\n          vulnerability in the yrange parameter in OpenTSDB through\n          2.4.0 (CVE-2020-35476) in order to achieve unauthenticated\n          remote code execution as the root user.\n\n          The module first attempts to obtain the OpenTSDB version via\n          the api. If the version is 2.4.0 or lower, the module\n          performs additional checks to obtain the configured metrics\n          and aggregators. It then randomly selects one metric and one\n          aggregator and uses those to instruct the target server to\n          plot a graph. As part of this request, the yrange parameter is\n          set to the payload, which will then be executed by the target\n          if the latter is vulnerable.\n\n          This module has been successfully tested against OpenTSDB\n          version 2.3.0.",
+    "references": [
+      "CVE-2020-35476",
+      "URL-https://github.com/OpenTSDB/opentsdb/issues/2051"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd, x86, x64",
+    "rport": 4242,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic (Unix In-Memory)",
+      "Automatic (Linux Dropper)"
+    ],
+    "mod_time": "2022-12-23 13:38:16 +0000",
+    "path": "/modules/exploits/linux/http/opentsdb_yrange_cmd_injection.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/opentsdb_yrange_cmd_injection",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/pandora_fms_events_exec": {
     "name": "Pandora FMS Events Remote Command Execution",
     "fullname": "exploit/linux/http/pandora_fms_events_exec",