{"id":"CVE-2021-37759","details":"A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).","modified":"2026-04-10T04:36:07.647163Z","published":"2021-07-31T18:15:07.837Z","references":[{"type":"ADVISORY","url":"https://www.graylog.org/post/announcing-graylog-v4-1-2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graylog2/graylog2-server","events":[{"introduced":"57fe596f0aa8be564996f035235b7744d673f3de"},{"fixed":"20cd592f30f1ae4fbb391bb4811d24833e60fb7c"}],"database_specific":{"versions":[{"introduced":"0.20.0"},{"fixed":"4.1.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37759.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}