Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability allows session takeover through insufficient HTML sanitization of the Event Definition 'Remediation Steps' field. Analysis of the patches shows two main areas of concern.

Backend: org.graylog.events.processor.EventDefinitionDto.remediationSteps() (and likewise description() in the content pack DTOs) was patched to add @JsonSerialize(converter = HTMLSanitizerConverter.class). Previously these methods returned raw strings, so when the DTO was serialized to JSON for the frontend any malicious HTML or JavaScript they contained was passed through unchanged. This unsanitized output is the core of the vulnerability on the backend side.

Frontend: the Markdown.tsx component, likely used to render these fields, had its sanitization logic (DOMPurify together with marked) strengthened, which implies that its previous sanitization was insufficient. In addition, the markdown editor component MDBaseEditor.tsx (and its consumers Editor.tsx and EditorModal.tsx) had sanitization added or enhanced for input events such as onBlur and onPaste.

Exploitation occurs when an attacker submits HTML in a field such as 'Remediation Steps'; the content is stored and later rendered to a victim. The backend functions identified above supply this data for serialization without prior sanitization, the Markdown component renders it and in its previous state allowed script execution, and the MDBaseEditor component is involved at the input stage.
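As an added illustration (this is not Graylog's code and not its HTMLSanitizerConverter), the following shows the pattern the backend patch applies: a Jackson converter attached to a DTO getter so that the field is sanitized every time it is serialized to JSON, whatever was stored. Class, property and field names are hypothetical, and it assumes jackson-databind and the OWASP java-html-sanitizer (org.owasp.html) are on the classpath.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.fasterxml.jackson.databind.util.StdConverter;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class RemediationStepsSanitizationExample {

    /**
     * Jackson converter applied on the serialization path. Attaching it to a
     * getter means the value is sanitized each time the DTO is written as JSON,
     * independent of what the storage layer holds. Hypothetical stand-in for
     * the project's own converter, not a copy of it.
     */
    public static class HtmlSanitizingConverter extends StdConverter<String, String> {
        // Allowlist policy: basic formatting, block elements and links only.
        // Script elements, event-handler attributes and javascript: URLs are
        // removed by the policy rather than matched by hand.
        private static final PolicyFactory POLICY =
                Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.LINKS);

        @Override
        public String convert(String value) {
            return value == null ? null : POLICY.sanitize(value);
        }
    }

    /** Hypothetical DTO standing in for the event definition returned to the UI. */
    public static class EventDefinitionView {
        private final String title;
        private final String remediationSteps;

        public EventDefinitionView(String title, String remediationSteps) {
            this.title = title;
            this.remediationSteps = remediationSteps;
        }

        @JsonProperty("title")
        public String title() {
            return title;
        }

        // Sanitized on the way out: without this annotation the raw stored
        // string would be emitted verbatim into the API response.
        @JsonProperty("remediation_steps")
        @JsonSerialize(converter = HtmlSanitizingConverter.class)
        public String remediationSteps() {
            return remediationSteps;
        }
    }

    /** Serializes a DTO the way an API endpoint would. */
    public static String toJson(EventDefinitionView view) throws Exception {
        return new ObjectMapper().writeValueAsString(view);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stored value: legitimate formatting plus markup that must
        // never reach a browser unsanitized.
        String stored = "<p>Rotate the exposed key.</p>"
                + "<img src=x onerror=\"alert(1)\">"
                + "<script>alert(1)</script>";
        System.out.println(toJson(new EventDefinitionView("Key exposure", stored)));
    }
}
```

Sanitizing at serialization time closes the gap for every consumer of the DTO, including API clients that never pass through the frontend's Markdown component; the frontend DOMPurify step remains worthwhile as a second layer, since a renderer should not trust that every response it receives was produced by an annotated getter.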
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.graylog2:graylog2-server | maven | <= 6.0.13 | 6.0.14 |
| org.graylog2:graylog2-server | maven | >= 6.1.0, <= 6.1.9 | 6.1.10 |