Home > Vulnerability Database > WS-2023-0234

Mend.io Vulnerability Database

WS-2023-0234

Good to know:

Date: July 5, 2023

A partial path traversal vulnerability exists in Graylog's Support Bundle feature, from 5.1.0 before 5.1.3. The vulnerability is caused by incorrect user input validation in an HTTP API resource. It allows an attacker with valid Admin role credentials can read or delete files in directories that start with a /var/lib/graylog-server/support-bundle directory name.

Language: Java

Severity Score

4.9

Related Resources (2)

Url: https://github.com/Graylog2/graylog2-server/commit/02b8792e6f4b829f0c1d87fcbf2d58b73458b938

Url: https://www.mend.io/vulnerability-database/WS-2023-0234

Severity Score

4.9

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.graylog2:graylog2-server:5.1.3

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0234

Good to know:

Date: July 5, 2023

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?