CVE-2023-41044
CVSS 3.1 score: 3.8 of 10 (low)
Details
Summary
CVE-2023-41044 is a partial path traversal vulnerability in Graylog's Support Bundle feature. An attacker holding valid Admin role credentials can download or delete files in sibling directories of the support bundle directory. The flaw stems from insufficient validation of user-supplied input in an HTTP API resource: by manipulating the file name passed to the endpoints `GET /api/system/debug/support/bundle/download/(unknown)` and `DELETE /api/system/debug/support/bundle/(unknown)`, an attacker can reach, read or delete files in directories whose paths start with `/var/lib/graylog-server/support-bundle`. The issue is fixed in Graylog 5.1.3 and later. Users who cannot upgrade should block the affected API endpoints at a reverse proxy.
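The "partial" traversal described above is the classic prefix-only path check: a normalised path is accepted because it merely starts with the base directory string, so a sibling directory whose name shares that prefix passes. The following added example (not Graylog's code; the sibling directory and file names are constructed) shows that check beside a hardened one that requires the resolved path to be strictly inside the base directory.

```python
import posixpath
from typing import Optional

# Base directory named in the advisory.
BUNDLE_DIR = "/var/lib/graylog-server/support-bundle"


def vulnerable_resolve(base_dir: str, name: str) -> Optional[str]:
    """Prefix-only check: the pattern behind a partial path traversal.

    '/var/lib/graylog-server/support-bundle-old/x' starts with base_dir,
    so a '../support-bundle-old/x' name slips through.
    """
    candidate = posixpath.normpath(posixpath.join(base_dir, name))
    if not candidate.startswith(base_dir):
        return None
    return candidate


def safe_resolve(base_dir: str, name: str) -> Optional[str]:
    """Hardened check: the normalised path must lie strictly under base_dir.

    commonpath() works on path components, not characters, so a sibling
    directory that shares the string prefix no longer passes. The base
    directory itself is also rejected, which matters for a DELETE endpoint.
    """
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, name))
    if candidate == base:
        return None
    if posixpath.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request names: a legitimate bundle, a sibling-directory
    # escape that shares the prefix, and a plain traversal out of the tree.
    for name in ("bundle.zip", "../support-bundle-old/secret.zip", "../../etc/passwd"):
        print(f"{name!r:40} prefix-check={vulnerable_resolve(BUNDLE_DIR, name)!s:60}"
              f" hardened={safe_resolve(BUNDLE_DIR, name)}")
```

For a download-by-filename endpoint the simplest policy is stricter still: reject any name containing a path separator or `..` before it ever reaches the filesystem.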
Affected Products
- Graylog
Affected Vendors
- Graylog