4 matches found
CVE-2023-41044
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
CVE-2023-41044
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
CVE-2023-41044
Graylog exposes a partial path traversal vulnerability in its Support Bundle feature (requires valid Admin credentials). The issue stems from improper input validation in an HTTP API resource, allowing reading or deleting files under sibling directories of the support-bundle directory (data_dir d...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (=5.2.0), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=5.1.2) +3 more potentially affected by CVE-2023-41044 via org.graylog2:graylog2-server (>=5.1.0 <=5.1.2)
org.graylog2:graylog2-server MAVEN version =5.1.0, =5.1.0, =5.1.0, =5.1.13 Source cves: CVE-2023-41044 Source advisory: OSV:GHSA-2Q4P-F6GF-MQR5...