A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
References
Link | Resource |
---|---|
https://www.graylog.org/post/announcing-graylog-v4-1-2 | Vendor Advisory |
https://www.graylog.org/post/announcing-graylog-v4-1-2 | Vendor Advisory |
Configurations
History
21 Nov 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.graylog.org/post/announcing-graylog-v4-1-2 - Vendor Advisory |
Information
Published : 2021-07-31 18:15
Updated : 2024-11-21 06:15
NVD link : CVE-2021-37760
Mitre link : CVE-2021-37760
CVE.ORG link : CVE-2021-37760
JSON object : View
Products Affected
graylog
- graylog
CWE
CWE-532
Insertion of Sensitive Information into Log File