// For flags

CVE-2020-15813

 

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism.

Graylog versiones anteriores a 3.3.3, carece de una comprobación de certificado SSL para servidores LDAP. Permite el uso de una base de datos de usuarios y grupos externos almacenados en LDAP. La configuración de la conexión permite el uso de conexiones sin cifrar, con seguridad SSL o TLS. Desafortunadamente, el código del cliente Graylog (en todas las versiones que admiten LDAP) no implementa una comprobación de certificado adecuada (independientemente de si se usa la opción "Allow self-signed certificates"). Por lo tanto, cualquier atacante con la capacidad de interceptar el tráfico de red entre un servidor Graylog y un servidor LDAP puede redireccionar el tráfico hacia un servidor LDAP diferente (desapercibido por el servidor Graylog debido a la falta de comprobación del certificado), omitiendo efectivamente el mecanismo de autenticación de Graylog

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-07-17 CVE Reserved
  • 2020-07-17 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Graylog
Search vendor "Graylog"
Graylog
Search vendor "Graylog" for product "Graylog"
< 3.3.3
Search vendor "Graylog" for product "Graylog" and version " < 3.3.3"
-
Affected