Identifier

CVE-2020-15813

Package Slug

maven/org.graylog2/graylog2-server

Vulnerability

Improper Certificate Validation

Description

Graylog lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections.

Affected Versions

All versions before 3.3.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-07-24

source