CVE-2021-37759
Inclusion of Sensitive Information in Log Files in maven/org.graylog2/graylog2-server
Identifiers
CVE-2021-37759
Package Slug
maven/org.graylog2/graylog2-server
Vulnerability
Inclusion of Sensitive Information in Log Files
Description
A Session ID leak in the DEBUG log file in Graylog allows attackers to escalate privileges (to the access level of the leaked session ID).
Affected Versions
All versions starting from 0.20.0 before 4.1.2
Solution
Upgrade to version 4.1.2 or above.
Last Modified
2021-08-11
| source |