PT-2023-18547 · Netdata+2

Published: 2023-01-14 · Updated: 2024-01-12 · CVE-2023-22496

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Netdata agent versions prior to 1.37 (stable) and 1.36.0-409 (nightly)

Description

An attacker can execute arbitrary commands on a targeted Netdata agent by establishing a streaming connection and providing a specially crafted registry hostname as part of the health data. This is possible because the health_alarm_execute function calls spawn_enq_cmd with unsanitized arguments, including registry_hostname. The commands are executed as the user running the Netdata Agent, usually named netdata. This may allow an attacker to escalate privileges by exploiting other vulnerabilities in the system.

Recommendations

For versions prior to 1.37 (stable) and 1.36.0-409 (nightly), update to the fixed version to resolve the issue. As a temporary workaround, consider disabling the streaming feature if it has been previously enabled. To minimize the risk of exploitation, restrict access to the port on the recipient Agent to trusted child connections.

Exploit

Fix

Command Injection

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1106
ALT-PU-2023-1223
CVE-2023-22496
GHSA-XG38-3VMW-2978
OESA-2024-1050
OESA-2024-1051
OESA-2024-1052

Affected Products

Alt Linux
Debian
Netdata