Lucene search
Veracode Vulnerability DatabaseVERACODE:39670HistoryMar 12, 2023 - 4:41 a.m.
Remote Code Execution (RCE)
2023-03-1204:41:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
241
remote code execution
netdata
streaming connection
arbitrary commands
alert
registry_hostname
health data
agent
software
0.002 Low
EPSS
Percentile
54.6%
netdata is vulnerable to Remote Code Execution (RCE). An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent when an alert is triggered. This can be done by providing a specially crafted registry_hostname as part of the health data that is streamed to a Netdata (parent) agent. The commands are executed as the user running the Netdata Agent.
| CPE | Name | Operator | Version |
|---|---|---|---|
| netdata:sid | eq | 1.29.3-3 | |
| netdata:sid | eq | 1.19.0-4 | |
| netdata:sid | eq | 1.31.0-3 | |
| netdata:sid | eq | 1.29.3-3 | |
| netdata:sid | eq | 1.19.0-4 | |
| netdata:sid | eq | 1.31.0-3 |
Related
cve
cve
CVE-2023-22496
2023-01-14 01:15:15
debiancve
debiancve
CVE-2023-22496
2023-01-14 01:15:15
cvelist
cvelist
CVE-2023-22496 Netdata vulnerable to command injection
2023-01-14 00:59:53
ubuntucve
ubuntucve
CVE-2023-22496
2023-01-14 00:00:00
alpinelinux
alpinelinux
CVE-2023-22496
2023-01-14 01:15:00
osv
osv
CVE-2023-22496
2023-01-14 01:15:15
cnvd
cnvd
Netdata Command Injection Vulnerability
2023-01-17 00:00:00
prion
prion
Design/Logic Flaw
2023-01-14 01:15:00
nvd
nvd
CVE-2023-22496
2023-01-14 01:15:15