CVE-2023-22496: 
Netdata vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-22496) was discovered in Netdata agent affecting versions Stable < 1.37 and Nightlies < 1.36.0-409. The vulnerability was disclosed on December 1, 2022, and allows attackers with streaming connection capabilities to execute arbitrary commands on targeted Netdata agents (GitHub Advisory).

The vulnerability stems from improper sanitization of arguments in the healthalarmexecute function. When an alert is triggered, this function performs checks and calls spawnenqcmd, using unsanitized arguments including the registry_hostname of the node. The vulnerability has been assigned a CVSS v3.1 score of 8.1 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness types identified are CWE-20 (Improper Input Validation) and CWE-77 (Command Injection) (GitHub Advisory).

An attacker can execute arbitrary commands on the affected system with the privileges of the Netdata Agent user (typically named 'netdata'). This command execution capability could potentially be leveraged to escalate privileges by exploiting other system vulnerabilities. The impact affects system confidentiality, integrity, and availability with high severity ratings (GitHub Advisory).

The vulnerability has been patched in Netdata agent v1.37 (stable) and v1.36.0-409 (nightly). For users unable to update immediately, a workaround is available by disabling streaming in the stream.conf file by setting 'enabled = no'. Additionally, limiting access to the recipient Agent's port to trusted child connections can help mitigate the vulnerability's impact (GitHub Advisory).