CVE-2024-32019

ndsudo: local privilege escalation via untrusted search path

Description

Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Category

8.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: netdata netdata
Published at:
Updated at:

References

Link Tags
https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
https://github.com/netdata/netdata/pull/17377

Frequently Asked Questions

What is the severity of CVE-2024-32019?
CVE-2024-32019 has been scored as a high severity vulnerability.
How to fix CVE-2024-32019?
To fix CVE-2024-32019, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-32019 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-32019 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-32019?
CVE-2024-32019 affects netdata netdata.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.