CVE-2023-41044

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Aug 31, 2023
Updated: Sep 6, 2023
CWE ID 22

Summary

CVE-2023-41044 is a partial path traversal vulnerability affecting Graylog's Support Bundle feature. With valid Admin role credentials, an attacker can download or delete files in sibling directories of the support bundle directory. The vulnerability arises due to incorrect user input validation in an HTTP API resource. By manipulating the file name in the API endpoints `GET /api/system/debug/support/bundle/download/{filename}` and `DELETE /api/system/debug/support/bundle/{filename}`, an attacker can traverse and access or delete files in various directories, including those starting with `/var/lib/graylog-server/support-bundle`. This issue is fixed in Graylog versions 5.1.3 and later. Users unable to upgrade should block the affected API endpoints using a reverse proxy server.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-41044 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions