Description
An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
Third Party Advisory x_refsource_misc
https://github.com/netdata/netdata/pull/4521
Third Party Advisory x_refsource_misc
https://www.red4sec.com/cve/netdata_fpd.txt
Scores
CVSS v3
5.3
EPSS
0.0045
EPSS Percentile
63.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
my-netdata/netdata
1.10.0
Published
Jun 18, 2019
Tracked Since
Feb 18, 2026