Full Path Disclosure Vulnerability in Netdata by Netdata
CVE-2018-18839

5.3MEDIUM

Key Information:

Vendor

My-netdata

Status
Netdata
Vendor
CVE Published:
18 June 2019

What is CVE-2018-18839?

A Full Path Disclosure vulnerability was identified in Netdata version 1.10.0, allowing unauthorized users to gain information about the server's file structure through the api/v1/alarms endpoint. This exposure may lead to further exploitation by providing insights into the web application's directory layout, which could facilitate additional attacks. It is important to note that the vendor has stated that this behavior is intentional, raising concerns about information security practices.

References

https://github.com/netdata/netdata/commit/92327c9ec211bd1...
x_refsource_MISC
https://github.com/netdata/netdata/pull/4521
x_refsource_MISC
https://www.red4sec.com/cve/netdata_fpd.txt
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.