3 matches found
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.0.0) +10 more potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=2.0.0 <=5.1.10)
org.graylog2:graylog2-server MAVEN version =2.0.0, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.1.2, =2.2.0-alpha.1 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...
org.graylog.plugins:graylog-plugin-parent (>=5.2.0 <=5.2.12), org.graylog.plugins:graylog-plugin-web-parent (>=5.2.0 <=5.2.12) potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=5.2.0-alpha.1 <=5.2.3)
org.graylog2:graylog2-server MAVEN version =5.2.0-alpha.1, =5.2.0, =5.2.0, =5.2.12 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...
CVE-2024-24824
CVE-2024-24824 affects Graylog server prior to 5.1.11 and 5.2.4. The issue arises when an authenticated user with appropriate permissions sends a HTTP PUT to the endpoint "/api/system/cluster_config/", allowing loading and instantiation of arbitrary classes by using fully-qualified class names as...