Beware! Critical Vulnerability in Graylog Exposes Sensitive Data

CVE: CVE-2024-24824
CVSS v3.1: 8.8
Source: CVE-2024-24824

Graylog, a popular open source log management platform, was found to have a vulnerability that could allow attackers to execute arbitrary code and access sensitive files on affected systems.

Graylog versions from 2.0.0 up to 5.1.10 and 5.2.3 had a flaw in the way the cluster configuration API handled HTTP requests. By sending a specially crafted request, an attacker could make the software load and instantiate any Java class of their choosing.

These included classes such as java.io.File, which can be used to read the contents of files on the server, so an attacker exploiting this issue could potentially view configuration files or log files containing sensitive user data.

Worse still, because the vulnerable code was executed during class loading, it allowed running arbitrary Java code with the privileges of the Graylog process. An attacker may be able to use this to completely compromise affected Graylog servers.

Thankfully, the developers have released patches in versions 5.1.11 and 5.2.4 to fix this serious remote code execution vulnerability. All Graylog users are strongly recommended to upgrade immediately to the latest versions to protect their systems and data. Proper access controls and network segmentation can also help minimize risks from exploits of vulnerabilities like this.
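As an added illustration that is not part of the advisory or of Graylog's own code, the script below turns the affected-version ranges stated above into an inventory triage check; the node names and version strings are constructed sample data, and pre-release builds are ordered before the final release of the same number, as in semantic versioning.

```python
"""Flag Graylog nodes affected by CVE-2024-24824 from the version ranges the advisory states."""
import re
from typing import Dict, Tuple

# Ranges from the advisory: 2.0.0 up to 5.1.10 (fixed in 5.1.11) and the 5.2 line
# up to 5.2.3 (fixed in 5.2.4). The trailing 1 marks a final (non pre-release) build.
FIRST_AFFECTED = (2, 0, 0, 1)
FIXED_5_1 = (5, 1, 11, 1)
FIXED_5_2 = (5, 2, 4, 1)

# MAJOR.MINOR.PATCH with optional "-prerelease" and "+build" parts.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, patch, is_final). A pre-release such as 5.2.4-rc.1 sorts
    before the final 5.2.4, so it is still treated as unfixed; build metadata is ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Graylog version string: {text!r}")
    major, minor, patch, prerelease, _build = m.groups()
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False          # 1.x predates the vulnerable API
    if v[:2] == (5, 2):
        return v < FIXED_5_2  # 5.2.0 .. 5.2.3
    return v < FIXED_5_1      # 2.0.0 .. 5.1.10; 5.3+ and 6.x are later than the fix


def triage(nodes: Dict[str, str]) -> Dict[str, bool]:
    """Map each node name to whether its reported version is affected."""
    return {name: is_affected(ver) for name, ver in nodes.items()}


# Constructed sample inventory (hypothetical node names, not real hosts).
SAMPLE_NODES = {
    "graylog-a": "5.1.10",
    "graylog-b": "5.1.11",
    "graylog-c": "5.2.3",
    "graylog-d": "5.2.4-rc.1",
    "graylog-e": "4.3.9",
    "graylog-f": "1.3.4",
}

if __name__ == "__main__":
    for name, affected in triage(SAMPLE_NODES).items():
        print(f"{name}: {'AFFECTED - upgrade' if affected else 'ok'}")
```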
