VYPR

Graylog2 Server

by Graycms

Source repositories

CVEs (9)

  • CVE-2024-24824HigFeb 7, 2024
    risk 0.53cvss 8.8epss 0.34

    Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses…

  • CVE-2025-46827HigMay 7, 2025
    risk 0.52cvss 8.0epss 0.00

    Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user…

  • CVE-2025-53106HigJul 2, 2025
    risk 0.50cvss 8.8epss 0.01

    Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user…

  • CVE-2024-52506MedNov 18, 2024
    risk 0.42cvss 6.5epss 0.01

    Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This…

  • CVE-2025-30373MedApr 7, 2025
    risk 0.35cvss 6.5epss 0.00

    Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value…

  • CVE-2024-24823MedFeb 7, 2024
    risk 0.30cvss 5.7epss 0.00

    Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session…

  • CVE-2023-41045LowAug 31, 2023
    risk 0.17cvss 3.7epss 0.00

    Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against…

  • CVE-2023-41044LowAug 31, 2023
    risk 0.14cvss 3.3epss 0.01

    Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker…

  • CVE-2023-41041LowAug 30, 2023
    risk 0.10cvss 2.6epss 0.00

    Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions.…