Bug 806055 (CVE-2021-37760) - app-admin/graylog: privilege escalation (CVE-2021-37760)
Status: CONFIRMED
Alias: CVE-2021-37760
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://www.graylog.org/post/announci...
Whiteboard: ~4 [ebuild]
Keywords: PullRequest
Reported: 2021-08-01 18:35 UTC by John Helmert III
Modified: 2021-08-07 12:50 UTC
Runtime testing required: ---


Description John Helmert III gentoo-dev Security 2021-08-01 18:35:28 UTC
CVE-2021-37760:

A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).


Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-08-07 12:50:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=519ec97409d80c963d554350415a154da4a4ec98

commit 519ec97409d80c963d554350415a154da4a4ec98
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-08-06 12:32:22 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-08-07 12:47:51 +0000

    app-admin/graylog: drop vulnerable
    
    Bug: https://bugs.gentoo.org/806055
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/21900
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 app-admin/graylog/Manifest              |  4 --
 app-admin/graylog/graylog-3.3.11.ebuild | 83 ---------------------------------
 app-admin/graylog/graylog-3.3.13.ebuild | 83 ---------------------------------
 app-admin/graylog/graylog-4.0.5.ebuild  | 79 -------------------------------
 app-admin/graylog/graylog-4.0.7.ebuild  | 79 -------------------------------
 5 files changed, 328 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73486fdffd530d75e7eca84f0c40b1ebe2f492b9

commit 73486fdffd530d75e7eca84f0c40b1ebe2f492b9
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-08-06 12:31:48 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-08-07 12:47:50 +0000

    app-admin/graylog: bump to 4.1.2
    
    Bug: https://bugs.gentoo.org/806055
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 app-admin/graylog/Manifest             |  1 +
 app-admin/graylog/graylog-4.1.2.ebuild | 58 ++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=591315d7e534c6402e8a62ca1ebc812fd8321426

commit 591315d7e534c6402e8a62ca1ebc812fd8321426
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-08-06 12:22:10 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-08-07 12:47:50 +0000

    app-admin/graylog: bump to 4.0.10
    
    Bug: https://bugs.gentoo.org/806055
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 app-admin/graylog/Manifest              |  1 +
 app-admin/graylog/graylog-4.0.10.ebuild | 79 +++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a42daa58980139a50219659bf1d9e2bf12a9e42f

commit a42daa58980139a50219659bf1d9e2bf12a9e42f
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-08-06 12:20:57 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-08-07 12:47:50 +0000

    app-admin/graylog: bump to 3.3.14
    
    Bug: https://bugs.gentoo.org/806055
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 app-admin/graylog/Manifest              |  1 +
 app-admin/graylog/graylog-3.3.14.ebuild | 83 +++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)