CNNVD-202507-146 Information
CNNVD ID
CNNVD-202507-146
Related CVE
- CNNVD Published: 2025-07-02
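Description (translated from Chinese)
Graylog is a centralized log management solution from Graylog, a US company. The product supports capturing, storing, and analyzing logs in real time. Graylog versions from 6.2.0 up to but not including 6.2.4, and from 6.3.0-alpha.1 up to but not including 6.3.0-rc.2, contain an authorization vulnerability. It stems from insufficient permission checks and may lead to privilege escalation.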
Description (English)
Graylog is a centralized log management solution developed by Graylog, Inc. (United States). Among other things, the product supports capturing, storing, and analyzing logs in real time. Graylog 6.2.0 through versions before 6.2.4, and 6.3.0-alpha.1 through versions before 6.3.0-rc.2, have an authorization flaw caused by inadequate permission checks, which may lead to privilege escalation.
Hazard Level
Medium
Vulnerability Type
Authorization issue
Affected Vendor
Graylog
Published
2025-07-02
Last Modified
2026-02-24
References
https://github.com/Graylog2/graylog2-server/commit/6936bd16a783c2944a3d2f1e83902062520f90e3
https://github.com/Graylog2/graylog2-server/commit/9215b8f1fd32566c31e6f7447ed864df3590c157
https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3m86-c9x3-vwm9
Patch
https://github.com/Graylog2/graylog2-server/tags