PT-2023-18548 · Netdata+4
Ralphm
Published 2023-01-14 · Updated 2025-02-03
CVE-2023-22497
CVSS v3.1: 9.1 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Netdata agent versions prior to 1.37
Netdata agent versions prior to 1.36.0-409 (nightly)
Description
The issue affects Netdata Agents that expose their services to non-trusted users, in particular when the streaming feature is enabled and a parent Netdata Agent accepts connections from, and handles functions for, its child Agents. An attacker who knows a valid MACHINE GUID (the identifier Netdata generates for each Agent) can present it to the parent as an API key, and the parent accepts it. This gives an unauthenticated network attacker access to the parent's streaming interface and the ability to inject or manipulate data, which matches the high confidentiality and integrity impact in the vector above. The number of potentially affected devices is not specified.
Recommendations
For Netdata agent release versions prior to 1.37, update to version 1.37 or later.
For Netdata agent nightly versions prior to 1.36.0-409, update to nightly 1.36.0-409 or later.
As a temporary workaround, disable the streaming feature where it is not needed, or restrict access to the streaming port on the receiving (parent) Agent to trusted child hosts only.
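The fixed versions above differ for release and nightly builds, so a naive "version < 1.37" comparison misclassifies nightlies such as 1.36.0-409. The following check is an added example written for this page, not code from Netdata or from the advisory author. It parses the `version` field of a Netdata Agent's `/api/v1/info` response and decides whether the agent predates the fix. The version string shapes it accepts (`v1.36.1` for releases, `v1.36.0-409-nightly` for nightlies, where the number after the dash counts commits past the base tag) are an assumption, as is the sample JSON, which is constructed for the example.

```python
"""Classify a Netdata Agent version against the CVE-2023-22497 fix.

Fixed versions from the advisory: release 1.37, nightly 1.36.0-409.
Added example; not Netdata's own code.
"""
import json
import re

FIXED_RELEASE = (1, 37, 0)
FIXED_NIGHTLY_BASE = (1, 36, 0)
FIXED_NIGHTLY_COMMITS = 409

# Assumed version string shapes (assumption, not from the advisory):
#   release: "v1.36.1"
#   nightly: "v1.36.0-409-nightly" (commits after the base tag, then a label)
_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:-(?P<commits>\d+)(?:-(?P<label>[A-Za-z0-9]+))?)?$"
)


def parse_version(version):
    """Return (base_tuple, commits) where commits is None for a release build.

    Raises ValueError for strings that do not look like a Netdata version,
    so an unexpected format is reported rather than silently treated as safe.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Netdata version: {version!r}")
    base = (int(m["major"]), int(m["minor"]), int(m["patch"]))
    commits = int(m["commits"]) if m["commits"] is not None else None
    return base, commits


def is_vulnerable(version):
    """True if the agent version predates the fix for CVE-2023-22497."""
    base, commits = parse_version(version)
    if commits is None:
        # Release build: every release before 1.37 is affected.
        return base < FIXED_RELEASE
    # Nightly build: affected if the base tag is older than 1.36.0, or it is
    # 1.36.0 with fewer than 409 commits on top. Nightlies based on 1.37 or
    # later are past the fix regardless of the commit count.
    if base != FIXED_NIGHTLY_BASE:
        return base < FIXED_NIGHTLY_BASE
    return commits < FIXED_NIGHTLY_COMMITS


def check_info_json(info_json):
    """Take the JSON body of GET /api/v1/info and return (version, vulnerable)."""
    info = json.loads(info_json)
    version = info.get("version")
    if not version:
        raise ValueError("no 'version' field in the info response")
    return version, is_vulnerable(version)


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real agent.
    samples = [
        '{"version": "v1.36.1", "uid": "constructed-release"}',
        '{"version": "v1.36.0-408-nightly", "uid": "constructed-nightly"}',
        '{"version": "v1.37.1", "uid": "constructed-fixed"}',
    ]
    for body in samples:
        version, vulnerable = check_info_json(body)
        print(f"{version}: {'VULNERABLE' if vulnerable else 'fixed'}")
```

Run it against a real agent with `curl -s http://<agent>:19999/api/v1/info` piped into `check_info_json`; an agent that returns no `version` field, or a string in a shape the regex does not know, raises rather than reporting "fixed", which is the safer failure mode for a patch audit.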
Exploit
Fix
Weakness types
Exposure of Resource to Wrong Sphere (CWE-668)
Improper Authentication (CWE-287)
Related identifiers
Affected products
Alt Linux
Debian
Linuxmint
Netdata
Ubuntu