JSON Injection Vulnerability in Netdata by Netdata
CVE-2018-18836

6.5MEDIUM

Key Information:

Vendor

My-netdata

Status
Netdata
Vendor
CVE Published:
18 June 2019

What is CVE-2018-18836?

An issue has been identified in Netdata version 1.10.0 where an attacker can exploit a JSON injection vulnerability through the 'api/v1/data' tqx parameter, caused by the function web_client_api_request_v1_data in web/api/web_api_v1.c. This issue could allow unauthorized manipulation of data, risking integrity and availability. It is crucial for users of affected versions to apply security patches and review their configurations to mitigate potential exploits.

References

https://github.com/netdata/netdata/blob/798c141c49ee85bdd...
x_refsource_MISC
https://github.com/netdata/netdata/blob/798c141c49ee85bdd...
x_refsource_MISC
https://github.com/netdata/netdata/commit/92327c9ec211bd1...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.