JSON Injection Vulnerability in Netdata by Netdata
CVE-2018-18836
6.5MEDIUM
What is CVE-2018-18836?
An issue has been identified in Netdata version 1.10.0 where an attacker can exploit a JSON injection vulnerability through the 'api/v1/data' tqx parameter, caused by the function web_client_api_request_v1_data in web/api/web_api_v1.c. This issue could allow unauthorized manipulation of data, risking integrity and availability. It is crucial for users of affected versions to apply security patches and review their configurations to mitigate potential exploits.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved