CVE-2021-37760: Inclusion of Sensitive Information in Log Files

July 31, 2021 (updated August 10, 2021)

A Session ID leak in the audit log in Graylog allows attackers to escalate privileges (to the access level of the leaked session ID).

References

nvd.nist.gov/vuln/detail/CVE-2021-37760
www.graylog.org/post/announcing-graylog-v4-1-2

Detect and mitigate CVE-2021-37760 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →