Datalust Seq Missing Content-Type Validation Leading to Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Datalust Seq versions prior to 2024.3.13545. The issue arises from missing Content-Type validation, and the conditions for exploitation depend on the authentication method in use. When Entra ID or OpenID Connect authentication is used, a user who visits a compromised or malicious site may be targeted. With username/password or Active Directory authentication, a user may be targeted if they visit a malicious site under the same effective top-level domain as the Seq server. Exploitation allows attackers to impersonate users and perform actions in Seq on their behalf.
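
The kind of Content-Type check whose absence is described above, sketched as an added example; it is not Datalust's code. The function names, the JSON-only policy and the sample header values are assumptions made for illustration.

```python
# Added illustration: a generic Content-Type gate for a JSON-only API.
# Names and the allowed media type are assumptions, not Seq's implementation.
import re

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Media types a browser can send cross-site without a CORS preflight
# (HTML form encodings and "simple" fetch/XHR requests).
PREFLIGHT_FREE = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
ALLOWED = {"application/json"}  # assumption: endpoints accept JSON bodies only

_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_MEDIA_TYPE = re.compile(rf"{_TOKEN}/{_TOKEN}")


def media_type(header):
    """Return the lower-cased type/subtype without parameters, or None."""
    if not header:
        return None
    essence = header.split(";", 1)[0].strip().lower()
    return essence if _MEDIA_TYPE.fullmatch(essence) else None


def check_request(method, content_type):
    """Return (status, reason) for a request to a body-accepting endpoint."""
    if method.upper() in SAFE_METHODS:
        return 200, "safe method, no body processed"
    essence = media_type(content_type)
    if essence in ALLOWED:
        return 200, "accepted"
    if essence in PREFLIGHT_FREE:
        return 415, "preflight-free media type rejected"
    return 415, "missing or unsupported Content-Type"


# Constructed sample requests: (method, Content-Type header value)
SAMPLES = [
    ("POST", "application/json"),
    ("POST", "Application/JSON; charset=utf-8"),
    ("POST", "text/plain"),
    ("POST", "text/plain; application/json"),  # substring match would pass this
    ("POST", None),
]

if __name__ == "__main__":
    for method, ctype in SAMPLES:
        print(method, repr(ctype), "->", check_request(method, ctype))
```

Comparing the parsed media type rather than searching the raw header is what makes the check hold for headers with parameters or several values.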

Impact

The vulnerability allows for cross-site request forgery attacks, enabling impersonation of users and unauthorized actions in the Seq application.

Remediation

Users are advised to update to Datalust Seq version 2024.3.13545 or later. This version is available for download from the Datalust website or via the Datalust/Seq Docker image.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 1.3
exploitability: 6.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.