netdata is vulnerable to Information Disclosure. Netdata Agents have an automatically generated MACHINE GUID that is saved to disk and can persist across restarts and reboots. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions. Configuration is done via ‘stream.conf’. An attacker can use a valid MACHINE_GUID as an API key, which affects all users who expose their Netdata Agents to non-trusted users and also expose to the same users Netdata Agent parents that aggregate data from all these children.
CPE | Name | Operator | Version |
---|---|---|---|
netdata:sid | eq | 1.29.3-3 | |
netdata:sid | eq | 1.19.0-4 | |
netdata:sid | eq | 1.31.0-3 | |
netdata:sid | eq | 1.29.3-3 | |
netdata:sid | eq | 1.19.0-4 | |
netdata:sid | eq | 1.31.0-3 |