CVE-2024-24823
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Summary
CVE-2024-24823 is a vulnerability in Graylog's log management platform, affecting versions 4.3.0 and earlier up to 5.2.4. The issue is the reuse of session IDs during reauthentication, which can lead to unauthorized access to existing Graylog sessions. To exploit it, an attacker would need to present a spoofed login screen and inject a session cookie into another user's browser, potentially via a complex cross-site scripting attack. No known attacks have been reported; short session expiration times and explicit logouts help mitigate the risk. Graylog 5.1.11, 5.2.4 and the entire 6.0 development branch include fixes that prevent session ID reuse. As a workaround, the `authentication` cookie can be cleared via a proxy for the Graylog server URL's `/api/system/sessions` endpoint.
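One way to apply the proxy workaround above, as an added example that is not from the advisory or from Graylog: it assumes nginx is the reverse proxy in front of a Graylog server listening on 127.0.0.1:9000, with the web interface served from the root path, and it strips the cookie only on session creation (POST) so the session check (GET) keeps working.

```nginx
# Added example (not Graylog's own configuration).
# Assumptions: nginx reverse proxy; Graylog on 127.0.0.1:9000; web UI at "/".
# A login (POST /api/system/sessions) is forwarded without any Cookie header,
# so the server cannot reuse the session ID carried by an existing cookie.
map $request_method $graylog_session_cookie {
    default $http_cookie;   # GET session check still sees the cookie
    POST    "";             # login request: no cookie forwarded at all
}

server {
    listen 443 ssl;
    server_name graylog.example.com;                     # placeholder hostname
    ssl_certificate     /etc/nginx/certs/graylog.crt;    # placeholder paths
    ssl_certificate_key /etc/nginx/certs/graylog.key;

    # Exact match: only the session endpoint gets the rewritten Cookie header.
    location = /api/system/sessions {
        proxy_set_header Cookie $graylog_session_cookie;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9000;
    }

    # Everything else is proxied unchanged.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9000;
    }
}
```

After reloading nginx, confirm that a fresh login still succeeds and that the browser's existing `authentication` cookie is replaced with a new value rather than kept; the proxy change is a stopgap until a fixed Graylog version is installed.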
Affected Products
- Graylog
Affected Vendors
- Graylog