Graylog
CVE-2020-15813
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism.
AnalysisAI
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-295. Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism. Affected products include: Graylog. Version information: before 3.3.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Graylog is a free and open log management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely explo
Graylog is a free and open log management platform. Rated high severity (CVSS 7.1), this vulnerability is remotely explo
Improper session invalidation in Graylog Web Interface 2.2.3 allows attackers to maintain access through expired session
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access l
Graylog is a free and open log management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-
Graylog is a free and open log management platform. Rated high severity (CVSS 8.0), this vulnerability is remotely explo
Graylog is a free and open log management platform. Rated low severity (CVSS 3.8), this vulnerability is remotely exploi
Graylog is a free and open log management platform. Rated low severity (CVSS 3.1), this vulnerability is remotely exploi
Graylog is a free and open log management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
Graylog 2.2.3 contains an insecure direct object reference (IDOR) vulnerability in its user API endpoint that allows aut
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today