org.graylog2:graylog2-server
Maven · 8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.graylog2:graylog2-server (page 1 of 1)
- CVE-2018-11650 · MEDIUM · CVSS 6.1 · Fixed in 2.4.4 · 2018-06-01
vulnerable: 0.20.0-rc.1-1 ... 2.4.3 (117 versions)
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
- CVE-2018-11651 · MEDIUM · CVSS 6.1 · Fixed in 2.4.4 · 2018-06-01
vulnerable: 0.20.0-rc.1-1 ... 2.4.3 (117 versions)
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.
- CVE-2018-14380 · MEDIUM · CVSS 6.1 · Fixed in 2.4.6 · 2018-07-18
vulnerable: 0.20.0-rc.1-1 ... 2.4.5 (119 versions)
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.
- CVE-2023-41041 · LOW · CVSS 2.6 · EG 2.6 · Fixed in 5.1.3 · 2023-08-30
vulnerable: 5.1.0, 5.1.1, 5.1.2
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintai…
- CVE-2023-41044 · LOW · CVSS 3.3 · EG 3.3 · Fixed in 5.1.3 · 2023-08-31
vulnerable: 5.1.0, 5.1.1, 5.1.2
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Supp…
- CVE-2023-41045 · LOW · CVSS 3.7 · EG 3.7 · Fixed in 5.0.9 · 2023-08-31
vulnerable: 0.20.0-rc.1-1 ... 5.0.8 (251 versions)
Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never…
- CVE-2024-24823 · MEDIUM · CVSS 5.7 · EG 5.7 · Fixed in 5.2.4 · 2024-02-07
vulnerable: 5.2.0 ... 5.2.3 (10 versions)
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In…
- CVE-2024-24824 · HIGH · CVSS 8.8 · EG 8.8 · Fixed in 5.2.4 · 2024-02-07
vulnerable: 5.2.0 ... 5.2.3 (10 versions)
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. …