datalust/seq-tickets

datalust/seq-tickets

Releases0

Stars103

Issues, design discussions and feature roadmap for the Seq log server

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-29866 ↗	Mar 21, 2024Thursday, 21 March 2024, 14:15	9.1 CRITICAL	—
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges.
CVE-2023-38195 ↗	Jul 22, 2023Saturday, 22 July 2023, 17:15	4.9 MEDIUM	—
Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account.
CVE-2021-41329 ↗	Sep 27, 2021Monday, 27 September 2021, 06:15	6.5 MEDIUM	4 MEDIUM
Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements.
CVE-2018-8096 ↗	Mar 14, 2018Wednesday, 14 March 2018, 00:29	—	7.5 HIGH
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.