PT-2024-24358 · Netdata · Netdata

Mia-0

·

Published

2024-04-12

·

Updated

2025-12-06

·

CVE-2024-32019

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Netdata versions prior to 1.45.3
Netdata versions prior to 1.45.2-169 (nightly builds)
Description

Netdata is an open source observability tool. The ndsudo tool shipped with affected versions of the Netdata Agent allows a local attacker to run arbitrary programs with root permissions. ndsudo is packaged as a root-owned executable with the SUID bit set. It only runs a restricted set of external commands, but it locates those commands using the search directories supplied by the PATH environment variable, which the invoking (unprivileged) user controls. An attacker can therefore place a malicious executable carrying the name of an allowed command in a directory they can write to, prepend that directory to PATH, and have ndsudo execute it as root. This leads to local privilege escalation. The number of potentially affected devices worldwide is not stated, but Netdata's popularity (over 68k stars on GitHub) means that many systems could be at risk.
Recommendations

For Netdata versions prior to 1.45.3, upgrade to version 1.45.3 or later. For nightly builds prior to 1.45.2-169, upgrade to version 1.45.2-169 or later. As a temporary workaround, consider restricting the PATH environment variable to prevent an attacker from controlling where ndsudo looks for external commands; note, however, that the PATH value ndsudo honours is the one set by the local user invoking it, so a system-wide or profile-level restriction does not stop an attacker who sets PATH in their own environment. A more reliable interim measure is to remove the SUID bit from the ndsudo binary (or restrict execute permission on it to the netdata user), at the cost of the collectors that depend on it. Avoid using the ndsudo tool until the issue is resolved.
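The following is an added example written for this page; it is not ndsudo's source code and is not taken from the Netdata project. It models the untrusted-search-path defect described above and the shape of the fix in the Recommendations: a SUID helper that resolves an allow-listed command name against the caller's PATH is pointed at an attacker-writable directory, while the same lookup against a hardcoded root-owned search path is not. The allow-list (nvme, megacli, arcconf), the trusted path list, the function names and the /tmp demo directory are assumptions made for the example only.

```c
/* Added example (not ndsudo's code): untrusted search path vs. fixed search path.
 * Build: cc -o demo demo.c && ./demo   (no root needed; the demo only resolves paths) */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>

/* Hypothetical allow-list of command names the helper is willing to run. */
static const char *const ALLOWED[] = { "nvme", "megacli", "arcconf", NULL };

/* Hypothetical fixed search path used by the hardened resolver regardless of environment. */
#define TRUSTED_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

static int is_allowed(const char *name) {
    for (int i = 0; ALLOWED[i]; i++)
        if (strcmp(name, ALLOWED[i]) == 0) return 1;
    return 0;
}

/* Resolve a bare command name against a colon-separated search path.
 * Returns 1 and fills `out` with the first executable match, else 0. */
static int resolve_in(const char *name, const char *search_path, char *out, size_t outlen) {
    if (!is_allowed(name) || strchr(name, '/')) return 0;   /* bare allow-listed names only */
    char *copy = strdup(search_path);
    if (!copy) return 0;
    int found = 0;
    for (char *dir = strtok(copy, ":"); dir; dir = strtok(NULL, ":")) {
        if (*dir == '\0') continue;                          /* empty entry means ".", refuse it */
        if (snprintf(out, outlen, "%s/%s", dir, name) >= (int)outlen) continue;
        if (access(out, X_OK) == 0) { found = 1; break; }
    }
    free(copy);
    if (!found) out[0] = '\0';
    return found;
}

/* VULNERABLE: honours the caller's PATH, which an unprivileged local user fully controls. */
int resolve_vulnerable(const char *name, char *out, size_t outlen) {
    const char *path = getenv("PATH");
    return resolve_in(name, path ? path : "", out, outlen);
}

/* HARDENED: ignores the environment and searches only TRUSTED_PATH. */
int resolve_hardened(const char *name, char *out, size_t outlen) {
    return resolve_in(name, TRUSTED_PATH, out, outlen);
}

/* Attacker-side fixture: create a directory the attacker can write to and plant a
 * fake executable named `name` in it. Returns the directory (caller frees) or NULL. */
char *plant_fake_binary(const char *name) {
    char tmpl[] = "/tmp/ndsudo-demo-XXXXXX";
    char *dir = mkdtemp(tmpl);
    if (!dir) return NULL;
    char file[256];
    snprintf(file, sizeof file, "%s/%s", dir, name);
    int fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0755);
    if (fd < 0) return NULL;
    const char *body = "#!/bin/sh\necho 'attacker code would run as root here'\n";
    if (write(fd, body, strlen(body)) < 0) { close(fd); return NULL; }
    close(fd);
    return strdup(dir);
}

/* Plant a fake "nvme", prepend its directory to PATH as an attacker would, and
 * compare what the two resolvers pick. Returns 1 when the vulnerable resolver is
 * hijacked into the attacker directory while the hardened one is not. */
int demo_hijack(void) {
    char *dir = plant_fake_binary("nvme");
    if (!dir) return 0;
    char newpath[1024];
    const char *old = getenv("PATH");
    snprintf(newpath, sizeof newpath, "%s:%s", dir, old ? old : "");
    setenv("PATH", newpath, 1);

    char v[512], h[512];
    int vul = resolve_vulnerable("nvme", v, sizeof v);
    int hard = resolve_hardened("nvme", h, sizeof h);
    int hijacked = vul && strncmp(v, dir, strlen(dir)) == 0;
    int hardened_safe = !hard || strncmp(h, dir, strlen(dir)) != 0;
    printf("vulnerable resolver -> %s\nhardened resolver   -> %s\n",
           vul ? v : "(not found)", hard ? h : "(not found)");

    char file[256];
    snprintf(file, sizeof file, "%s/nvme", dir);
    unlink(file); rmdir(dir); free(dir);
    return hijacked && hardened_safe;
}

int main(void) { return demo_hijack() ? 0 : 1; }
```

The vulnerable resolver is exactly the pattern the advisory describes: the allow-list limits which names may be run, but not where they are loaded from. The hardened resolver keeps the allow-list, rejects any name containing a slash, ignores empty PATH entries, and searches only root-owned directories, so a planted binary is never selected even when PATH points at it.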

Weakness Enumeration

Untrusted Search Path (CWE-426)

Related Identifiers

BDU:2025-13769
CVE-2024-32019
GHSA-PMHQ-4CXQ-WJ93

Affected Products

Netdata