3.8 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
36.4%
A partial path traversal vulnerability exists in Graylog’s Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource.
Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information.
Graylog’s Support Bundle feature allows an attacker with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory.
The default data_dir
in operating system packages (DEB, RPM) is set to /var/lib/graylog-server
. The data directory for the Support Bundle feature is always <data_dir>/support-bundle
.
Due to the partial path traversal vulnerability, an attacker with valid Admin role credentials can read or delete files in directories that start with a /var/lib/graylog-server/support-bundle
directory name.
The vulnerability would allow the download or deletion of files in the following example directories.
/var/lib/graylog-server/support-bundle-test
/var/lib/graylog-server/support-bundlesdirectory
For the Graylog and Graylog Enterprise Docker images, the data_dir
is set to /usr/share/graylog/data
by default.
The vulnerability is fixed in Graylog version 5.1.3 and later.
Block all HTTP requests to the following HTTP API endpoints by using a reverse proxy server in front of Graylog.
GET /api/system/debug/support/bundle/download/{filename}
DELETE /api/system/debug/support/bundle/{filename}
CPE | Name | Operator | Version |
---|---|---|---|
org.graylog2:graylog2-server | lt | 5.1.3 |
github.com/advisories/GHSA-2q4p-f6gf-mqr5
github.com/Graylog2/graylog2-server/commit/02b8792e6f4b829f0c1d87fcbf2d58b73458b938
github.com/Graylog2/graylog2-server/security/advisories/GHSA-2q4p-f6gf-mqr5
go2docs.graylog.org/5-1/making_sense_of_your_log_data/cluster_support_bundle.htm
nvd.nist.gov/vuln/detail/CVE-2023-41044