The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote malicious users to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
rsyslog rsyslog 4.1.1 |
||
rsyslog rsyslog 3.19.9 |
||
rsyslog rsyslog 3.17.5 |
||
rsyslog rsyslog 3.19.3 |
||
rsyslog rsyslog 3.19.2 |
||
rsyslog rsyslog 3.12.5 |
||
rsyslog rsyslog 3.12.4 |
||
rsyslog rsyslog 4.1.0 |
||
rsyslog rsyslog 3.20.0 |
||
rsyslog rsyslog 3.17.4 |
||
rsyslog rsyslog 3.19.8 |
||
rsyslog rsyslog 3.19.1 |
||
rsyslog rsyslog 3.19.0 |
||
rsyslog rsyslog 3.12.3 |
||
rsyslog rsyslog 3.12.2 |
||
rsyslog rsyslog 3.12.1 |
||
rsyslog rsyslog 3.19.12 |
||
rsyslog rsyslog 3.19.7 |
||
rsyslog rsyslog 3.19.6 |
||
rsyslog rsyslog 3.17.1 |
||
rsyslog rsyslog 3.15.1 |
||
rsyslog rsyslog 3.17.0 |
||
rsyslog rsyslog 3.19.11 |
||
rsyslog rsyslog 3.19.10 |
||
rsyslog rsyslog 3.19.5 |
||
rsyslog rsyslog 3.19.4 |
||
rsyslog rsyslog 3.15.0 |
||
rsyslog rsyslog 3.13.0 |
Vulmon