CVE-2018-18837

CVE-2018-18837 affects Netdata 1.10.0 and is described as HTTP Header Injection via the api/v1/data filename parameter due to web_client_api_request_v1_data in web/api/web_api_v1.c. The vulnerability is categorized as a header injection issue (CVSS details shown in the entry: CVSSv3 base score 6....

CVE-2018-18838

CVE-2018-18838 affects Netdata 1.10.0 and is a log injection vulnerability reachable via a %0a sequence in the url parameter to api/v1/registry. The CVSS:3.0 base is 7.5 (HIGH) with network access and no authentication; integrity impact is HIGH, confidentiality/availability are none. Public advis...

CVE-2018-18836

Netdata CVE-2018-18836 is a JSON injection vulnerability in Netdata 1.10.0 via api/v1/data tqx parameter (web_client_api_request_v1_data in web/api/web_api_v1.c). Connected advisories indicate fixes in later Netdata releases (e.g., update to 1.31.0 per OpenSUSE/OpenSUSE-SU-2021-1603-1 and related...

CVE-2018-18839

CVE-2018-18839 affects Netdata 1.10.0 and is described as Full Path Disclosure via api/v1/alarms. The vendor states this behavior is intentional. OpenSUSE advisories mark CVE-2018-18839 as disputed/not fixed in some Nessus entries, while later advisories describe the update as addressing other is...