{"url":"http://public2.vulnerablecode.io/api/packages/411046?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@0.92.0","type":"maven","namespace":"org.graylog2","name":"graylog2-server","version":"0.92.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.9","latest_non_vulnerable_version":"6.2.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38290?format=json","vulnerability_id":"VCID-5nsg-t5fw-63gs","summary":"Graylog vulnerable to insecure source port usage for DNS queries\n### Summary\nGraylog utilises only one single source port for DNS queries.\n\n### Details\nGraylog seems to bind a single socket for outgoing DNS queries. That socket is bound to a random port number which is not changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered how easy is to carry out DNS cache poisoning attacks. In order to prevent cache poisoning with spoofed DNS responses, it is necessary to maximise the uncertainty in the choice of a source port for a DNS query.\n\n\n### PoC \n\nThe attached figure shows the source ports distribution difference between Graylog configured to use a data adapter based on DNS queries and ISC Bind.  The source port distribution of the DNS queries sent from Graylog to a recursive DNS name server running Bind (CLIENT_QUERY) are depicted in purple, while the queries sent from the recursive DNS server to the authoritatives (RESOLVER_QUERY) are plotted in green color. As it can be observed, in contrast to ISC Bind which presents a heterogeneous usage of source port, Graylog utilises a single source port.\n\n![image](https://user-images.githubusercontent.com/67056857/242301750-6a5a8d0d-fcd2-40d1-bbd4-73baa8279ed3.png)\n\n### Impact\nAlthough unlikely in many setups, an external attacker could inject forged DNS responses into a Graylog's lookup table cache. In order to prevent this, it is at least recommendable to distribute the DNS queries through a pool of distinct sockets, each of them with a random source port and renew them periodically.\n\n\n\n(Credit to Iratxe Niño from Fundación Sarenet and Borja Marcos from Sarenet)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41045","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37624","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41045"},{"reference_url":"https://github.com/Graylog2/graylog2-server","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server"},{"reference_url":"https://github.com/Graylog2/graylog2-server/commit/466af814523cffae9fbc7e77bab7472988f03c3e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:55:58Z/"}],"url":"https://github.com/Graylog2/graylog2-server/commit/466af814523cffae9fbc7e77bab7472988f03c3e"},{"reference_url":"https://github.com/Graylog2/graylog2-server/commit/a101f4f12180fd3dfa7d3345188a099877a3c327","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:55:58Z/"}],"url":"https://github.com/Graylog2/graylog2-server/commit/a101f4f12180fd3dfa7d3345188a099877a3c327"},{"reference_url":"https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-g96c-x7rh-99r3","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:55:58Z/"}],"url":"https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-g96c-x7rh-99r3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41045","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41045"},{"reference_url":"https://github.com/advisories/GHSA-g96c-x7rh-99r3","reference_id":"GHSA-g96c-x7rh-99r3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g96c-x7rh-99r3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71351?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@5.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@5.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/71304?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@5.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@5.1.3"}],"aliases":["CVE-2023-41045","GHSA-g96c-x7rh-99r3","GMS-2023-1862"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nsg-t5fw-63gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56680?format=json","vulnerability_id":"VCID-6s24-6vzs-p7by","summary":"Cross-site Scripting in Graylog Server\nGraylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11650","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47407","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11650"},{"reference_url":"https://github.com/Graylog2/graylog2-server","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server"},{"reference_url":"https://github.com/Graylog2/graylog2-server/pull/4727","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server/pull/4727"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11650","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11650"},{"reference_url":"https://www.graylog.org/post/announcing-graylog-v2-4-4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.graylog.org/post/announcing-graylog-v2-4-4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111710?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@2.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nsg-t5fw-63gs"},{"vulnerability":"VCID-dvyd-5gwe-kfe6"},{"vulnerability":"VCID-ghrv-e1e1-5kh7"},{"vulnerability":"VCID-h1j4-vnqy-hkem"},{"vulnerability":"VCID-nj1y-3nz9-vyan"},{"vulnerability":"VCID-u1c3-vb79-dff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@2.4.4"}],"aliases":["CVE-2018-11650","GHSA-h7g4-65mf-6mxh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s24-6vzs-p7by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55187?format=json","vulnerability_id":"VCID-7anc-5x5g-byar","summary":"Cross-site Scripting in Graylog\nGraylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11651","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45024","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11651"},{"reference_url":"https://github.com/Graylog2/graylog2-server","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server"},{"reference_url":"https://github.com/Graylog2/graylog2-server/pull/4739","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server/pull/4739"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11651","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11651"},{"reference_url":"https://www.graylog.org/post/announcing-graylog-v2-4-4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.graylog.org/post/announcing-graylog-v2-4-4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111710?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@2.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nsg-t5fw-63gs"},{"vulnerability":"VCID-dvyd-5gwe-kfe6"},{"vulnerability":"VCID-ghrv-e1e1-5kh7"},{"vulnerability":"VCID-h1j4-vnqy-hkem"},{"vulnerability":"VCID-nj1y-3nz9-vyan"},{"vulnerability":"VCID-u1c3-vb79-dff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@2.4.4"}],"aliases":["CVE-2018-11651","GHSA-435g-r2m8-gjvm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7anc-5x5g-byar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/120466?format=json","vulnerability_id":"VCID-dvyd-5gwe-kfe6","summary":"Inclusion of Sensitive Information in Log Files\nA Session ID leak in the DEBUG log file in Graylog allows attackers to escalate privileges (to the access level of the leaked session ID).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37759","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66434","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37759"},{"reference_url":"https://www.graylog.org/post/announcing-graylog-v4-1-2","reference_id":"","reference_type":"","scores":[],"url":"https://www.graylog.org/post/announcing-graylog-v4-1-2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37759","reference_id":"CVE-2021-37759","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37759"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/370677?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nsg-t5fw-63gs"},{"vulnerability":"VCID-h1j4-vnqy-hkem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@4.1.2"}],"aliases":["CVE-2021-37759"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyd-5gwe-kfe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50506?format=json","vulnerability_id":"VCID-nj1y-3nz9-vyan","summary":"Improper Certificate Validation in Graylog\nGraylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the \"Allow self-signed certificates\" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15813","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40944","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15813"},{"reference_url":"https://github.com/Graylog2/graylog2-server/issues/5906","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server/issues/5906"},{"reference_url":"https://github.com/Graylog2/graylog2-server/pull/8569","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server/pull/8569"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15813","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15813"},{"reference_url":"https://github.com/advisories/GHSA-3gg9-f3vh-866f","reference_id":"GHSA-3gg9-f3vh-866f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gg9-f3vh-866f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/451808?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nsg-t5fw-63gs"},{"vulnerability":"VCID-dvyd-5gwe-kfe6"},{"vulnerability":"VCID-ghrv-e1e1-5kh7"},{"vulnerability":"VCID-h1j4-vnqy-hkem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@3.3.3"}],"aliases":["CVE-2020-15813","GHSA-3gg9-f3vh-866f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nj1y-3nz9-vyan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60203?format=json","vulnerability_id":"VCID-u1c3-vb79-dff1","summary":"Cross-site Scripting in Graylog Server\nIn Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14380","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50163","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14380"},{"reference_url":"https://github.com/Graylog2/graylog2-server","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server"},{"reference_url":"https://github.com/Graylog2/graylog2-server/pull/4904","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Graylog2/graylog2-server/pull/4904"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14380","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14380"},{"reference_url":"https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/163090?format=json","purl":"pkg:maven/org.graylog2/graylog2-server@2.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nsg-t5fw-63gs"},{"vulnerability":"VCID-dvyd-5gwe-kfe6"},{"vulnerability":"VCID-ghrv-e1e1-5kh7"},{"vulnerability":"VCID-h1j4-vnqy-hkem"},{"vulnerability":"VCID-nj1y-3nz9-vyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@2.4.6"}],"aliases":["CVE-2018-14380","GHSA-38hf-xjmx-jrh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1c3-vb79-dff1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.graylog2/graylog2-server@0.92.0"}