CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-24824 – graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request
https://notcve.org/view.php?id=CVE-2024-24824
07 Feb 2024 — Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary c... • https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24823 – graylog2-server Session Fixation vulnerability through cookie injection
https://notcve.org/view.php?id=CVE-2024-24823
07 Feb 2024 — Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it req... • https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097 • CWE-384: Session Fixation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41045 – Insecure source port usage for DNS queries in Graylog
https://notcve.org/view.php?id=CVE-2023-41045
31 Aug 2023 — Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered how easy is to carry out DNS cache poisoning attacks. In order to prevent cache poisoning with spoofed DNS responses, it is necessary to maximise the uncertainty in the choice o... • https://github.com/Graylog2/graylog2-server/commit/466af814523cffae9fbc7e77bab7472988f03c3e • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41044 – Partial path traversal vulnerability in Support Bundle feature of Graylog
https://notcve.org/view.php?id=CVE-2023-41044
31 Aug 2023 — Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory. The default `data_dir` in operating system packages (DEB, RPM) is set to `/var/lib/graylog-server`. • https://github.com/Graylog2/graylog2-server/commit/02b8792e6f4b829f0c1d87fcbf2d58b73458b938 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41041 – User session is still usable after logout in graylog2-server
https://notcve.org/view.php?id=CVE-2023-41041
30 Aug 2023 — Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss, the session is loaded from the database. After that, the node operates solely on the cached session. • https://github.com/Graylog2/graylog2-server/commit/bb88f3d0b2b0351669ab32c60b595ab7242a3fe3 • CWE-613: Insufficient Session Expiration •