Graylog
CVE-2024-24824
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 1 maven packages depend on org.graylog2:graylog2-server (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.0.0.
DescriptionNVD
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/cluster_config/ endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of java.io.File, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue.
AnalysisAI
Graylog is a free and open log management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-284. Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/cluster_config/ endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of java.io.File, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue. Affected products include: Graylog. Version information: version 2.0.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Graylog is a free and open log management platform. Rated high severity (CVSS 7.1), this vulnerability is remotely explo
Improper session invalidation in Graylog Web Interface 2.2.3 allows attackers to maintain access through expired session
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access l
Graylog is a free and open log management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. Rated high severity (CVSS 8.1), this vulnerabili
Graylog is a free and open log management platform. Rated high severity (CVSS 8.0), this vulnerability is remotely explo
Graylog is a free and open log management platform. Rated low severity (CVSS 3.8), this vulnerability is remotely exploi
Graylog is a free and open log management platform. Rated low severity (CVSS 3.1), this vulnerability is remotely exploi
Graylog is a free and open log management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
Graylog 2.2.3 contains an insecure direct object reference (IDOR) vulnerability in its user API endpoint that allows aut
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today