160 matches found
CVE-2018-18839
CVE-2018-18839 affects Netdata 1.10.0 and is described as Full Path Disclosure via api/v1/alarms. The vendor states this behavior is intentional. OpenSUSE advisories mark CVE-2018-18839 as disputed/not fixed in some Nessus entries, while later advisories describe the update as addressing other is...
CVE-2018-18839
An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional...
CVE-2019-9834
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...
Design/Logic Flaw
DISPUTED The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the...
UBUNTU-CVE-2019-9834
DISPUTED The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the...
DEBIAN-CVE-2019-9834
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...
CVE-2019-9834
The CVE-2019-9834 issue affects the Netdata web application up to version 1.13.0, where an HTML Injection flaw allows remote attackers to inject attacker-supplied HTML into an imported snapshot. This can execute in the user’s browser context, potentially stealing authentication credentials or alt...
NetData 1.13.0 HTML Injection
Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage: https://my-netdata.io/ Software Link:...
NetData 1.13.0 - HTML Injection
NetData 1.13.0 - HTML Injection Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage:...
PT-2019-19884 · Netdata +2 · Netdata +2
Name of the Vulnerable Software and Affected Versions: Netdata web application versions prior to 1.13.0 Description: The issue allows remote attackers to inject malicious HTML code into an imported snapshot. Successful exploitation can lead to the execution of attacker-supplied HTML in the contex...
NetData 1.13.0 - HTML Injection Vulnerability
Exploit for multiple platform in category web applications Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage...
NetData 1.13.0 - HTML Injection
Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage: https://my-netdata.io/ Software Link:...
PT-2019-9645 · Netdata +4 · Netdata +4
Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software where HTTP Header Injection is possible via the filename parameter in the "api/v1/data" endpoint. This is due to the web_client_api_request_v1_data function in web/api/web_ap...
PT-2019-9644 · Netdata +4 · Netdata +4
Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software due to JSON injection via the "api/v1/data" endpoint, specifically through the tqx parameter. This is caused by the web_client_api_request_v1_data function in web/api/web_api...
PT-2019-9647 · Netdata +2 · Netdata +2
Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software, potentially allowing Full Path Disclosure (FPD) via the "api/v1/alarms" endpoint. The vendor considers this behavior intentional. Recommendations: For Netdata version 1.10.0, ...
PT-2019-9646 · Netdata +4 · Netdata +4
Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists where Log Injection or Log Forgery is possible via a %0a sequence in the url parameter to the "api/v1/registry" endpoint. Recommendations: For Netdata version 1.10.0, avoid using the url...