CVE-2024-52506
- EPSS 0.29%
- Published 18.11.2024 21:15:06
- Last modified 03.11.2025 19:31:27
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple ...
CVE-2024-24824
- EPSS 3.89%
- Published 07.02.2024 18:15:55
- Last modified 21.11.2024 08:59:47
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's c...
CVE-2024-24823
- EPSS 0.13%
- Published 07.02.2024 18:15:54
- Last modified 21.11.2024 08:59:47
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case,...
CVE-2023-41045
- EPSS 0.13%
- Published 31.08.2023 18:15:09
- Last modified 21.11.2024 08:20:26
Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed ag...
CVE-2023-41044
- EPSS 0.2%
- Published 31.08.2023 18:15:09
- Last modified 21.11.2024 08:20:26
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle ...
CVE-2023-41041
- EPSS 0.17%
- Published 30.08.2023 22:15:10
- Last modified 21.11.2024 08:20:26
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-me...
CVE-2021-37760
- EPSS 0.5%
- Published 31.07.2021 18:15:07
- Last modified 21.11.2024 06:15:52
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37759
- EPSS 0.5%
- Published 31.07.2021 18:15:07
- Last modified 21.11.2024 06:15:52
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-15813
- EPSS 0.19%
- Published 17.07.2020 19:15:12
- Last modified 21.11.2024 05:06:13
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the...
CVE-2018-14380
- EPSS 0.27%
- Published 18.07.2018 15:29:00
- Last modified 21.11.2024 03:48:57
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.