PT-2019-19884 · Netdata +2
Published: 2019-03-15 · Updated: 2024-08-04
CVE-2019-9834
CVSS score: 6.1 (Medium)
Base vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Netdata web application versions prior to 1.13.0
Description:
The issue allows remote attackers to inject malicious HTML code into an imported snapshot. Successful exploitation can lead to the execution of attacker-supplied HTML in the context of the affected browser. This potentially allows the attacker to steal authentication credentials or control how the site is rendered to the user.
Recommendations:
For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, consider avoiding the import of snapshots from untrusted sources until a patch is applied. Restrict access to the snapshot import feature to minimize the risk of exploitation.
Tags: Exploit · Fix · XSS
References · 15
- 🔥 https://exploit-db.com/exploits/46545 · Exploit
- 🔥 https://youtube.com/watch?v=zSG93yX0B8k · Exploit
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9834 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2019-9834 · Security Note
- https://errata.altlinux.org/ALT-PU-2019-1859 · Vendor Advisory
- https://security-tracker.debian.org/tracker/CVE-2019-9834 · Vendor Advisory
- https://cve.org/CVERecord?id=CVE-2019-9834 · Security Note
- https://osv.dev/vulnerability/CVE-2019-9834 · Vendor Advisory
- https://ubuntu.com/security/CVE-2019-9834 · Vendor Advisory
- https://errata.altlinux.org/ALT-PU-2019-2565 · Vendor Advisory
- https://security-tracker.debian.org/tracker/source-package/netdata · Vendor Advisory
- https://osv.dev/vulnerability/UBUNTU-CVE-2019-9834 · Vendor Advisory
- https://github.com/netdata/netdata/issues/5800#issuecomment-510986112 · Note
- https://packages.debian.org/src:netdata · Note
- https://packages.altlinux.org/ru/vuln/CVE-2019-9834 · Note