CVE-2024-24823

Summary

CVE-2024-24823 is a vulnerability that affects Graylog, a free and open log management platform. The vulnerability exists in versions 4.3.0 and prior to versions 5.1.11 and 5.2.4, allowing reauthentication with an existing session cookie to reuse the session ID, even if different user credentials are used. This could potentially lead to elevated access to an existing Graylog login session if a malicious user injects their session cookie into someone else's browser through a spoofed login screen or cross-site scripting attack. Graylog 5.1.11, 5.2.4, and any versions of the 6.0 development branch have been patched to prevent session reuse under any circumstances. Remediation can be done by using short session expiration and explicit logouts of unused sessions to limit the attack vector. The potential danger of this vulnerability lies in unauthorized access to sensitive information and privileges within an organization's Graylog system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.