CVE-2018-18838

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Netdata version 1.10.0

Description An issue exists where Log Injection (or Log Forgery) is possible via a %0a sequence in the url parameter to the "api/v1/registry" endpoint.

Recommendations For Netdata version 1.10.0, avoid using the url parameter in the "api/v1/registry" endpoint until the issue is resolved.

Exploit

Fix

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116

Related Identifiers

ALT-PU-2019-1379

CVE-2018-18838

OPENSUSE-SU-2021:0647-1

OPENSUSE-SU-2021:0730-1

OPENSUSE-SU-2021:1603-1

OPENSUSE-SU-2021_0647-1

OPENSUSE-SU-2024:11083-1

USN-7250-1

Affected Products

Alt Linux

Linuxmint

Netdata

Suse

Ubuntu

CVE-2018-18838

Weakness Enumeration

Related Identifiers

Affected Products

References · 32