CVE-2018-18838 Information

Description

An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a 0a sequence in the url parameter to api/v1/registry.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
https://github.com/netdata/netdata/pull/4521
https://www.red4sec.com/cve/netdata_log_injection.txt

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
