Seq Security Vulnerabilities and Issues — Seq CVE List

DatalustSeq

7 matches found

CVE•added 2018/03/14 12:0 a.m.•71 views

CVE-2018-8096

CVE-2018-8096 affects Datalust Seq versions before 4.2.605. The vulnerability is an authentication bypass exploitable via a PUT request to api/settings/setting-isauthenticationenabled with "Name":"isauthenticationenabled","Value":false, potentially granting admin access. Multiple connected source...

9.8CVSS9.3AI score0.5006EPSS

Web

CVE•added 2025/03/11 12:0 a.m.•63 views

CVE-2024-58102

CVE-2024-58102 affects Datalust Seq prior to 2024.3.13545. The issue is an insecure default parsing depth limit that allows stack consumption when processing user-supplied queries containing deeply nested expressions. This is the stated root cause and impacts availability (via potential stack exh...

6.5CVSS7.2AI score0.00319EPSS

CVE•added 2025/03/11 12:0 a.m.•60 views

CVE-2025-27912

CVE-2025-27912 affects Datalust Seq prior to 2024.3.13545. The issue is caused by missing Content-Type validation, enabling CSRF when a user authenticated via Entra ID/OpenID Connect, or via username/password/AD, visits a malicious site on the same TLD as the Seq server. Exploitation could allow ...

8.8CVSS7.2AI score0.00175EPSS

CVE•added 2023/07/22 12:0 a.m.•58 views

CVE-2023-38195

Datalust Seq versions prior to 2023.2.9489 are affected. The issue allows insertion of sensitive information into externally accessible files or directories when external metadata storage (SQL Server or PostgreSQL) is used, and exploitation requires a high-privilege user. Remediation: upgrade to ...

4.9CVSS5AI score0.00432EPSS

CVE•added 2025/03/11 12:0 a.m.•58 views

CVE-2025-27911

CVE-2025-27911 affects Datalust Seq prior to 2024.3.13545. The issue is in the expansion of identifiers in message templates, which can bypass the system’s “Event body limit bytes” setting. This can cause increased resource consumption, and with sufficiently large events may lead to disk space ex...

6.5CVSS7.1AI score0.00393EPSS

CVE•added 2024/03/21 12:0 a.m.•55 views

CVE-2024-29866

Datalust Seq is affected by an Incorrect Access Control vulnerability disclosed as CVE-2024-29866. Versions before 2023.4.11151 and before 2024.1.11146 allow a Project Owner or Organization Owner to escalate to System privileges. The issue is described consistently across sources, with a high-sev...

9.1CVSS7.1AI score0.0069EPSS

CVE•added 2021/09/27 5:45 a.m.•52 views

CVE-2021-41329

CVE-2021-41329 affects Datalust Seq prior to 2021.2.6259. The issue is an information exposure caused by an internal cache key collision: when a user has a view filter with an array/IN clause and another user runs an identical query with different array elements, the results may be visible to the...

6.5CVSS6.3AI score0.00954EPSS