Home > Vulnerability Database > WS-2023-0251

Mend.io Vulnerability Database

WS-2023-0251

Good to know:

Date: July 5, 2023

An Insufficient Session Expiration exists in graylog server. After a user has logged out, the UI shows the login screen again, which gives the user the impression that their session is not valid anymore - but the session is still usable after logout. However, if the session becomes compromised later, it can still be used to perform API requests against the Graylog cluster. The time frame for this is limited to the configured session lifetime, starting from the time when the user logged out.The issue is fixed in versions 5.0.9 and 5.1.3.

Language: Java

Severity Score

5.4

Related Resources (2)

Url: https://github.com/Graylog2/graylog2-server/commit/bb88f3d0b2b0351669ab32c60b595ab7242a3fe3

Url: https://www.mend.io/vulnerability-database/WS-2023-0251

Severity Score

5.4

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

Top Fix

Upgrade Version

Upgrade to version org.graylog2:graylog2-server:5.0.9,5.1.3

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0251

Good to know:

Date: July 5, 2023

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?