![]() ![]() ![]() ![]() They will then notice that the session is gone. These nodes will only fail to accept the session id if they intent to update the session in the database. The other nodes will however still use the cached session. When the user logs out, the session is removed from the node-local cache and deleted from the database. However, each node maintains their isolated version of the session. Modifications to sessions will update the cached version as well as the session persisted in the database. After that, the node operates solely on the cached session. Upon a cache-miss, the session is loaded from the database. ![]() Each node maintains an in-memory cache of user sessions. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. `GET /api/system/debug/support/bundle/download/`.ĬVE-2023-41041 Graylog is a free and open log management platform. Users unable to upgrade should block all HTTP requests to the following HTTP API endpoints by using a reverse proxy server in front of Graylog. This vulnerability is fixed in Graylog version 5.1.3 and later. For the Graylog Docker images, the `data_dir` is set to `/usr/share/graylog/data` by default. The vulnerability would allow the download or deletion of files in the following example directories: `/var/lib/graylog-server/support-bundle-test` and `/var/lib/graylog-server/support-bundlesdirectory`. Due to the partial path traversal vulnerability, an attacker with valid Admin role credentials can read or delete files in directories that start with a `/var/lib/graylog-server/support-bundle` directory name. The data directory for the Support Bundle feature is always `/support-bundle`. The default `data_dir` in operating system packages (DEB, RPM) is set to `/var/lib/graylog-server`. Graylog's Support Bundle feature allows an attacker with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory. The vulnerability is caused by incorrect user input validation in an HTTP API resource. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. CVE-2023-41044 Graylog is a free and open log management platform. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |