Lucene search
Veracode Vulnerability DatabaseVERACODE:39671HistoryMar 12, 2023 - 4:42 a.m.
Information Disclosure
2023-03-1204:42:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
netdata
vulnerability
information disclosure
machine guid
streaming
configuration
api key
non-trusted users
parents
0.001 Low
EPSS
Percentile
46.4%
netdata is vulnerable to Information Disclosure. Netdata Agents have an automatically generated MACHINE GUID that is saved to disk and can persist across restarts and reboots. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions. Configuration is done via ‘stream.conf’. An attacker can use a valid MACHINE_GUID as an API key, which affects all users who expose their Netdata Agents to non-trusted users and also expose to the same users Netdata Agent parents that aggregate data from all these children.
| CPE | Name | Operator | Version |
|---|---|---|---|
| netdata:sid | eq | 1.29.3-3 | |
| netdata:sid | eq | 1.19.0-4 | |
| netdata:sid | eq | 1.31.0-3 | |
| netdata:sid | eq | 1.29.3-3 | |
| netdata:sid | eq | 1.19.0-4 | |
| netdata:sid | eq | 1.31.0-3 |
Related
prion
prion
Design/Logic Flaw
2023-01-14 02:15:00
osv
osv
CVE-2023-22497
2023-01-14 02:15:10
debiancve
debiancve
CVE-2023-22497
2023-01-14 02:15:10
cvelist
cvelist
CVE-2023-22497 Netdata is vulnerable to improper authentication
2023-01-14 01:02:12
ubuntucve
ubuntucve
CVE-2023-22497
2023-01-14 00:00:00
nvd
nvd
CVE-2023-22497
2023-01-14 02:15:10
cve
cve
CVE-2023-22497
2023-01-14 02:15:10
cnvd
cnvd
Netdata Licensing Issue Vulnerability
2023-01-17 00:00:00
alpinelinux
alpinelinux
CVE-2023-22497
2023-01-14 02:15:00