27 matches found
org.graylog.plugins:graylog-plugin-parent (>=6.2.0 <=6.2.14), org.graylog.plugins:graylog-plugin-web-parent (>=6.2.0 <=6.2.14) potentially affected by CVE-2025-53106 via org.graylog2:graylog2-server (>=6.2.0 <=6.2.3)
org.graylog2:graylog2-server MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.14 Source cves: CVE-2025-53106 Source advisory: OSV:GHSA-3M86-C9X3-VWM9...
org.graylog.plugins:graylog-plugin-parent (>=6.2.0 <=6.2.14), org.graylog.plugins:graylog-plugin-web-parent (>=6.2.0 <=6.2.14) potentially affected by CVE-2025-53106 via org.graylog2:graylog2-server (>=6.2.0 <=6.2.3)
org.graylog2:graylog2-server MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.14 Source cves: CVE-2025-53106 Source advisory: SNYK:JAVA-ORGGRAYLOG2-10571076...
Improper Authorization
Overview org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Improper Authorization via an incorrect permission check in the token creation process. An attacker can gain elevated privileges by crafting requests to the REST API and creatin...
org.graylog.plugins:graylog-plugin-parent (>=6.0.0 <=6.0.13), org.graylog.plugins:graylog-plugin-web-parent (>=6.0.0 <=6.0.13) potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=6.0.0 <=6.0.13)
org.graylog2:graylog2-server MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.13 Source cves: CVE-2025-46827 Source advisory: SNYK:JAVA-ORGGRAYLOG2-10116752...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.3), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.1)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.1 Source cves: CVE-2025-46827 Source advisory: SNYK:JAVA-ORGGRAYLOG2-10116752...
Cross-site Scripting (XSS)
Overview org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Event Definition Remediation Step field. An attacker can obtain user session cookies by submitting an HTML form. Note: This is only exploitable ...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.3), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.1)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.1 Source cves: CVE-2025-46827 Source advisory: OSV:GHSA-76VF-MPMX-777J...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.2.1) +12 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.0.13)
org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2025-46827 Source advisory: OSV:GHSA-76VF-MPMX-777J...
Cross-site Scripting (XSS)
Overview org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the plugins and API Browser. An attacker with the FILESCREATE permission can upload and execute arbitrary Javascript, leading to unauthorized action...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.0.0 <=6.1.7), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (>=6.0.0 <=6.1.0) +3 more potentially affected by unknown CVE via org.graylog2:graylog2-server (>=6.0.0 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.16 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGGRAYLOG2-10121303...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=6.1.7) +12 more potentially affected by unknown CVE via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: unknown CVE Source advisory: OSV:GHSA-Q9Q2-3PPX-MWQF...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.7), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-30373 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.16 Source cves: CVE-2025-30373 Source advisory: OSV:GHSA-Q7G5-JQ6P-6WVX...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.7), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-30373 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.16 Source cves: CVE-2025-30373 Source advisory: SNYK:JAVA-ORGGRAYLOG2-9668945...
Authentication Bypass Using an Alternate Path or Channel
Overview org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the channelRead0 function. An attacker can bypass authentication by sending HTTP requests without required...
org.graylog.plugins:graylog-plugin-parent (>=5.2.0 <=5.2.12), org.graylog.plugins:graylog-plugin-web-parent (>=5.2.0 <=5.2.12) potentially affected by CVE-2024-24823 via org.graylog2:graylog2-server (>=5.2.0-alpha.1 <=5.2.3)
org.graylog2:graylog2-server MAVEN version =5.2.0-alpha.1, =5.2.0, =5.2.0, =5.2.12 Source cves: CVE-2024-24823 Source advisory: OSV:GHSA-3XF8-G8GR-G7RH...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=4.4.0 <=5.0.0), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (>=4.2.0 <=5.0.0) +4 more potentially affected by CVE-2024-24823 via org.graylog2:graylog2-server (>=4.3.0 <=5.1.10)
org.graylog2:graylog2-server MAVEN version =4.3.0, =4.4.0, =4.2.0, =4.2.0, =2.0.0, =4.3.0, =4.3.0, =5.1.10 Source cves: CVE-2024-24823 Source advisory: OSV:GHSA-3XF8-G8GR-G7RH...
org.graylog.plugins:graylog-plugin-parent (>=5.2.0 <=5.2.12), org.graylog.plugins:graylog-plugin-web-parent (>=5.2.0 <=5.2.12) potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=5.2.0-alpha.1 <=5.2.3)
org.graylog2:graylog2-server MAVEN version =5.2.0-alpha.1, =5.2.0, =5.2.0, =5.2.12 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.0.0) +10 more potentially affected by CVE-2024-24824 via org.graylog2:graylog2-server (>=2.0.0 <=5.1.10)
org.graylog2:graylog2-server MAVEN version =2.0.0, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.1.2, =2.2.0-alpha.1 Source cves: CVE-2024-24824 Source advisory: OSV:GHSA-P6GG-5HF4-4RGJ...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (=5.2.0), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=5.1.2) +3 more potentially affected by CVE-2023-41044 via org.graylog2:graylog2-server (>=5.1.0 <=5.1.2)
org.graylog2:graylog2-server MAVEN version =5.1.0, =5.1.0, =5.1.0, =5.1.13 Source cves: CVE-2023-41044 Source advisory: OSV:GHSA-2Q4P-F6GF-MQR5...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (=5.2.0), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=5.1.2) +3 more potentially affected by CVE-2023-41045 via org.graylog2:graylog2-server (>=5.1.0 <=5.1.2)
org.graylog2:graylog2-server MAVEN version =5.1.0, =5.1.0, =5.1.0, =5.1.13 Source cves: CVE-2023-41045 Source advisory: OSV:GHSA-G96C-X7RH-99R3...