3 matches found
org.graylog.plugins:graylog-plugin-parent (>=5.2.0 <=5.2.12), org.graylog.plugins:graylog-plugin-web-parent (>=5.2.0 <=5.2.12) potentially affected by CVE-2024-24823 via org.graylog2:graylog2-server (>=5.2.0-alpha.1 <=5.2.3)
org.graylog2:graylog2-server MAVEN version =5.2.0-alpha.1, =5.2.0, =5.2.0, =5.2.12 Source cves: CVE-2024-24823 Source advisory: OSV:GHSA-3XF8-G8GR-G7RH...
CVE-2024-24823
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain...
CVE-2024-24823
Graylog2-server is affected by a session-fixation vulnerability where reauthenticating with an existing session cookie could allow elevated access to an existing Graylog login session if a malicious actor can inject or replace a cookie in a user’s browser. Affected versions: prior to 5.1.11 and 5...