CVE-2018-12972

Name of the Vulnerable Software and Affected Versions OpenTSDB version 2.3.0

Description An issue was discovered where many parameters to the "/q" URI can execute commands. The vulnerable parameters include o, key, style, and yrange and y2range along with their JSON input.

Recommendations For OpenTSDB version 2.3.0, consider restricting access to the "/q" URI or limiting the execution of commands through the vulnerable parameters o, key, style, yrange, and y2range to minimize the risk of exploitation. Avoid using these parameters with JSON input until the issue is resolved.