Graylog
cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*
- >= 6.1.0
An authentication bypass vulnerability has been identified in Graylog versions 6.1.0 and later. It affects HTTP Inputs configured to require a specific header for authentication: although the input returns the correct HTTP response (401) when the header is missing or its value is incorrect, the message is still ingested. The issue can be mitigated by disabling HTTP-based inputs and using only authenticated pull-based inputs. It has been fixed in Graylog version 6.1.9.
Exploiting this vulnerability allows messages to be ingested without proper authentication, potentially leading to unauthorized data processing or logging.
Users can upgrade to Graylog version 6.1.9 or later to address this vulnerability. Alternatively, HTTP-based inputs can be disabled in favor of authenticated pull-based inputs.
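The fail-open pattern the advisory describes, as an added illustration (not Graylog's code): a toy HTTP input in Python whose handler sends the correct 401 for a missing or wrong header but, in the vulnerable mode, still hands the body to ingestion, while the fixed mode rejects before ingesting. The header name, token and `/raw` path are constructed placeholders, and `check_input` is the kind of check an operator can run against such an input: post with and without the header, then confirm that messages answered with 401 never reach the store.

```python
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

AUTH_HEADER = "X-Input-Auth"   # constructed; the real header name is operator-configured
AUTH_VALUE = "example-secret"  # constructed placeholder, not a real credential

class InputHandler(BaseHTTPRequestHandler):
    fail_open = True   # True models the bug, False the fixed behaviour
    ingested = None    # per-server list standing in for the ingest pipeline

    def log_message(self, *args): pass   # keep the demo quiet

    def _reply(self, status):
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        authorized = self.headers.get(AUTH_HEADER) == AUTH_VALUE
        if not authorized and not self.fail_open:
            self._reply(401)   # hardened: reject before any processing happens
            return
        # Vulnerable path: the status is right (401 for a missing or wrong
        # header) but the body is still handed to the ingest pipeline.
        self.ingested.append(body.decode())
        self._reply(202 if authorized else 401)

def post(host, port, message, header_value=None):
    # POST one message over a direct connection; return the HTTP status code.
    headers = {AUTH_HEADER: header_value} if header_value is not None else {}
    conn = HTTPConnection(host, port, timeout=5)
    conn.request("POST", "/raw", body=message.encode(), headers=headers)  # constructed path
    status = conn.getresponse().status
    conn.close()
    return status

def check_input(fail_open):
    # Defender's check: do messages answered with 401 still reach the store?
    store = []
    handler = type("Handler", (InputHandler,), {"fail_open": fail_open, "ingested": store})
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    probes = [("no header", None), ("wrong value", "not-the-secret"), ("correct value", AUTH_VALUE)]
    statuses = tuple(post("127.0.0.1", port, msg, hdr) for msg, hdr in probes)
    server.shutdown()
    return statuses, list(store)
```

Both modes answer the first two probes with 401; only the fixed mode keeps them out of the store, which is the property to verify after applying the mitigation or the upgrade.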