Graylog · Graylog · CVE-2021-37759
Name of the Vulnerable Software and Affected Versions:
Graylog versions prior to 4.1.2
Description:
A session ID leak in the DEBUG log file allows attackers to escalate privileges to the access level of the session whose ID was leaked.
Recommendations:
For Graylog versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the DEBUG log file to minimize the risk of exploitation.