2 matches found
GHSA-3M86-C9X3-VWM9 Graylog vulnerable to privilege escalation through API tokens
Impact Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests ...
Positions can be created to mint unlimited tokens and still run off with the provided collateral.
Lines of code Vulnerability details Impact Brief Introduction A compromised position can be used to mint tokens up to the limit. The attacker can also withdraw this collateral. Hence, the attacker can mint tokens against his collateral and withdraw his collateral at the same time. Explanation...