Session ID Leak in Graylog DEBUG Log File: Privilege Escalation Vulnerability

Session ID Leak in Graylog DEBUG Log File: Privilege Escalation Vulnerability

CVE-2021-37759 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).

Learn more about our Web Application Penetration Testing UK.