MidnightBSD

Advisories for my-netdata

CVE-2018-18836 MEDIUM

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94

Products Affected

Vendor Product Version
my-netdata netdata 1.10.0

CVE-2018-18837 MEDIUM

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-113

Products Affected

Vendor Product Version
my-netdata netdata 1.10.0

CVE-2018-18838 MEDIUM

An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116

Products Affected

Vendor Product Version
my-netdata netdata 1.10.0

CVE-2018-18839 MEDIUM

An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
my-netdata netdata 1.10.0