Graylog

10 CVEs tracked for this product

CVE-2026-1441 MEDIUM This Month

Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/index_sets/ endpoint where unsanitized URL parameters are echoed into HTML responses, enabling attackers to execute arbitrary JavaScript in users' browsers. An attacker can craft a malicious URL to steal session cookies, hijack user sessions, or perform unauthorized actions within the victim's Graylog interface. No patch is currently available for this vulnerability.

Tags: XSS, Graylog | Source: NVD | CVSS 3.1: 6.1 | EPSS: 0.0%
CVE-2026-1440 MEDIUM This Month

Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/pipelines/ endpoint: user-supplied input is not properly sanitized before being reflected, so an attacker can inject JavaScript through a specially crafted URL. The script executes in the victim's browser when the victim opens the malicious link, potentially allowing session hijacking. No patch is currently available for this vulnerability.

Tags: XSS, Graylog | Source: NVD | CVSS 3.1: 6.1 | EPSS: 0.0%
CVE-2026-1439 MEDIUM This Month

Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /alerts/ endpoint where unencoded URL parameters are reflected in HTML responses, enabling attackers to execute arbitrary JavaScript in a victim's browser through malicious links. Successful exploitation allows session hijacking and limited account manipulation when users click crafted URLs. No patch is currently available for this vulnerability.

Tags: XSS, Graylog | Source: NVD | CVSS 3.1: 6.1 | EPSS: 0.0%
CVE-2026-1438 MEDIUM This Month

Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/nodes/ endpoint where unescaped URL parameters are reflected in HTML responses, enabling attackers to execute arbitrary JavaScript in a victim's browser. An attacker can craft a malicious URL to steal session credentials or manipulate user actions within the affected Graylog instance when a user clicks the link. No patch is currently available for this vulnerability.

Tags: XSS, Graylog | Source: NVD | CVSS 3.1: 6.1 | EPSS: 0.0%
CVE-2026-1437 MEDIUM This Month

Reflected XSS in Graylog 2.2.3's web interface allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting malicious URLs that bypass HTML output sanitization, particularly through the user edit endpoint. An attacker can exploit this to hijack the victim's session or manipulate the user's context; the only user interaction required is visiting the crafted link. No patch is currently available for this vulnerability.

Tags: XSS, Graylog | Source: NVD | CVSS 3.1: 6.1 | EPSS: 0.0%
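The five entries above share one pattern: a script-bearing value in a URL parameter aimed at a specific Graylog UI route. Until a fix is available, the practical control is to watch for such requests at the reverse proxy in front of Graylog. The following detection logic is an added example written for this page, not code from Graylog or from any advisory: it parses combined-format access-log lines, URL-decodes parameter values repeatedly (to catch double encoding), and flags requests to the four routes the advisories name that carry script-like content. The log lines are constructed for the example, the route list is taken from the entries above (the user edit endpoint in CVE-2026-1437 has no path on this page, so it is not included), and the payload regex is a deliberately simple heuristic.

```python
"""Flag reflected-XSS attempts against the Graylog UI routes named in
CVE-2026-1438 .. CVE-2026-1441 by scanning proxy access logs.

Added example for this page; not Graylog project code. Log lines below are
constructed, not captured from a real system."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Routes named in the advisories on this page (prefix match).
WATCHED_PATHS = (
    "/system/index_sets/",
    "/system/pipelines/",
    "/alerts/",
    "/system/nodes/",
)

# Combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Crude but useful: script/active-content tags, javascript: URLs, on*= handlers.
# Expect some false positives on parameter values that happen to contain
# words like "online=" - tune to your own traffic.
PAYLOAD_RE = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed)\b"
    r"|javascript\s*:"
    r"|\bon[a-z]+\s*=",
    re.IGNORECASE,
)

# Constructed sample: lines 1, 3 and 5 are attacks on watched routes,
# line 2 is benign, line 4 carries a payload but hits an unwatched route.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2026:10:00:01 +0000] "GET /system/index_sets/?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2026:10:00:02 +0000] "GET /system/pipelines/?page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2026:10:00:03 +0000] "GET /alerts/?filter=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2026:10:00:04 +0000] "GET /search?q=%3Cscript%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2026:10:00:05 +0000] "GET /system/nodes/?sort=javascript:alert(1) HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]


def fully_decode(value, rounds=3):
    """Percent-decode until stable (bounded), so %253C -> %3C -> < is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Return the fields we need from one access-log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": parts.path,
        # parse_qsl already decodes one layer; fully_decode handles the rest.
        "params": parse_qsl(parts.query, keep_blank_values=True),
        "status": int(m.group("status")),
    }


def suspicious_params(params):
    """Return (name, decoded_value) for every parameter that looks like a payload."""
    hits = []
    for name, value in params:
        decoded = fully_decode(value)
        if PAYLOAD_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Scan log lines; return one finding per request to a watched route with a payload."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(WATCHED_PATHS):
            continue
        hits = suspicious_params(rec["params"])
        if hits:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"], "matches": hits})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} {f['matches']}")
```

Run against the constructed sample it reports three findings (index_sets, alerts, nodes) and ignores both the benign pipelines request and the payload aimed at an unwatched route. The decode loop is bounded on purpose: an attacker can nest encodings indefinitely, and a detector that decodes forever is its own denial-of-service.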
CVE-2026-1436 MEDIUM This Month

Graylog 2.2.3 contains an insecure direct object reference (IDOR) vulnerability in its user API endpoint that allows authenticated users to enumerate and access other users' profiles by manipulating user IDs in requests. An attacker with valid credentials can extract sensitive information including usernames, email addresses, internal identifiers, and last activity timestamps from arbitrary user accounts. No patch is currently available for this vulnerability.

Tags: Authentication Bypass, Graylog | Source: NVD | CVSS 3.1: 6.5 | EPSS: 0.0%
CVE-2026-1435 CRITICAL Act Now

Improper session invalidation in Graylog Web Interface 2.2.3 allows attackers to keep using sessions that should have been invalidated, potentially enabling persistent unauthorized access to the log management system.

Tags: Authentication Bypass, Graylog | Source: NVD | CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2025-53106 HIGH PATCH This Week

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > "Allow users to create personal access tokens".

Tags: Authentication Bypass, Debian, Graylog | Sources: NVD, GitHub | CVSS 3.1: 8.8 | EPSS: 0.1%
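The affected ranges for CVE-2025-53106 straddle a pre-release series (6.3.0-alpha.1 up to but not including 6.3.0-rc.2), which plain string comparison gets wrong. The following is an added example for this page, not Graylog project code: it parses Graylog-style version strings (release, alpha/beta/rc pre-release, optional +build suffix), orders them correctly, and decides whether an instance is inside either range named in the advisory. The `assess` helper assumes the instance's `/api/system` response carries a `version` field; the response shown is constructed, not captured.

```python
"""Is this Graylog version inside the CVE-2025-53106 affected ranges?
  [6.2.0, 6.2.4)  and  [6.3.0-alpha.1, 6.3.0-rc.2)

Added example for this page, not Graylog project code."""
import re

# Pre-release ordering: alpha < beta < rc < final release.
PRE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}
RELEASE = (3, 0)  # sorts after every pre-release of the same x.y.z

VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)"            # major.minor.patch
    r"(?:-(alpha|beta|rc)\.(\d+))?"   # optional -rc.2 style pre-release
    r"(?:\+\S*)?"                     # optional +build metadata (ignored)
)


def parse_version(text):
    """Turn '6.3.0-rc.1+abc123' into a comparable tuple (6, 3, 0, (2, 1))."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unparseable Graylog version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4):
        pre = (PRE_ORDER[m.group(4)], int(m.group(5)))
    else:
        pre = RELEASE
    return (major, minor, patch, pre)


# Ranges exactly as the advisory states them: lower bound inclusive, upper exclusive.
AFFECTED_RANGES = [
    (parse_version("6.2.0"), parse_version("6.2.4")),
    (parse_version("6.3.0-alpha.1"), parse_version("6.3.0-rc.2")),
]


def is_affected(version_text):
    """True if the version falls inside any affected range."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def assess(system_info):
    """Assess a decoded /api/system response (assumed to contain 'version')."""
    version = system_info["version"]
    affected = is_affected(version)
    return {
        "version": version,
        "affected": affected,
        # Workaround from the advisory applies only while still on an affected build.
        "action": (
            "upgrade to 6.2.4 / 6.3.0-rc.2; meanwhile disable "
            "System > Configuration > Users > 'Allow users to create personal access tokens'"
            if affected else "not in affected range"
        ),
    }


# Constructed sample response (shape assumed; not captured from a real node).
SAMPLE_SYSTEM_RESPONSE = {"version": "6.2.3+e8e3b5d", "codename": "Noir", "is_leader": True}

if __name__ == "__main__":
    print(assess(SAMPLE_SYSTEM_RESPONSE))
```

Note the boundary cases: 6.2.4 and 6.3.0-rc.2 are the first fixed builds and report as not affected, while 6.3.0-rc.1 and every 6.3.0 alpha/beta do. A final 6.3.0 release sorts above rc.2 and is therefore outside the range, which is the behaviour the advisory's wording implies.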
CVE-2025-46827 HIGH PATCH This Week

Graylog is a free and open log management platform. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Tags: XSS, Graylog | Sources: NVD, GitHub | CVSS 3.1: 8.0 | EPSS: 0.1%
CVE-2025-30373 MEDIUM PATCH This Month

Graylog is a free and open log management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication.

Tags: Authentication Bypass, Graylog | Sources: NVD, GitHub | CVSS 3.1: 6.5 | EPSS: 0.1%