CVE-2014-9217

Graylog2 <0.92 - Auth Bypass

Title source: llm

Description

Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.

References (3)

[Mailing List] http://seclists.org/oss-sec/2014/q4/1130

[Exploit, Patch, Vendor Advisory] http://www.graylog2.org/news/post/0010-graylog2-v0-92

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/99571

Scores

EPSS 0.0091

EPSS Percentile 75.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

torch_gmbh/graylog2 < 0.91.3

Timeline

Published Dec 08, 2014

Tracked Since Feb 18, 2026