Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect management of session invalidation vulnerability in Graylog Web Interface
Vulnerability Description
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive logins by the same user. As a result, a stolen or leaked 'sessionId' can continue to be used to authenticate valid requests. Exploiting this vulnerability would allow an attacker with access to the web service/API network (port 9000 or HTTP/S endpoint of the server) to reuse an old session token to gain unauthorized access to the application, interact with the API/web, and compromise the integrity of the affected account.
CVSS Information
N/A
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Graylog Web Interface 代码问题漏洞
Vulnerability Description
Graylog Web Interface是美国Graylog公司的一套Web界面。 Graylog Web Interface 2.2.3版本存在代码问题漏洞,该漏洞源于新登录后会话失效管理不当,可能导致旧会话令牌被重用以获得未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A