Количество 3
Количество 3
CVE-2025-30373
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless. To mitigate the vulnerability, disable http-based inputs and allow only authenticated pull-based inputs. This vulnerability is fixed in 6.1.9.
CVE-2025-30373
Graylog is a free and open log management platform. Starting with 6.1, ...
GHSA-q7g5-jq6p-6wvx
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-30373 Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless. To mitigate the vulnerability, disable http-based inputs and allow only authenticated pull-based inputs. This vulnerability is fixed in 6.1.9. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| CVE-2025-30373 Graylog is a free and open log management platform. Starting with 6.1, ... | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| GHSA-q7g5-jq6p-6wvx Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу