A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
References
Link | Resource |
---|---|
https://www.graylog.org/post/announcing-graylog-v4-1-2 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2021-07-31 18:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-37760
Mitre link : CVE-2021-37760
CVE.ORG link : CVE-2021-37760
JSON object : View
Products Affected
graylog
- graylog
CWE
CWE-532
Insertion of Sensitive Information into Log File