CVE-2026-40050
CrowdStrike · LogScale
A critical unauthenticated path traversal vulnerability in CrowdStrike LogScale allows remote attackers to read arbitrary files from the server filesystem.
Executive summary
A critical unauthenticated path traversal vulnerability in CrowdStrike LogScale allows remote attackers to access arbitrary files, necessitating immediate updates for self-hosted instances.
Vulnerability
A cluster API endpoint does not validate a user-supplied path value, so an unauthenticated remote attacker can supply directory traversal sequences (such as ../) and read files from the server's filesystem that the LogScale process has permission to access.
Business impact
With a CVSS score of 9.8, this vulnerability is rated critical. Any file readable by the LogScale service account can be retrieved without credentials, which may include system and application configuration, stored secrets or API tokens, and sensitive log data ingested by the platform; secrets recovered this way can be reused to reach further into the environment. Next-Gen SIEM customers are not affected.
Remediation
Immediate Action: Self-hosted customers must upgrade to the latest patched LogScale release.
Proactive Monitoring: Review web server and reverse-proxy access logs for path traversal patterns directed at cluster API endpoints, including URL-encoded and double-encoded variants (e.g. ../, ..\, %2e%2e/, %2e%2e%2f, %252e%252e%252f). Treat requests of this kind that returned HTTP 200 as probable file disclosure and investigate which files were served.
Compensating Controls: Ensure that LogScale cluster API endpoints are not reachable from the public internet and are restricted to trusted internal networks, for example through firewall rules or reverse-proxy allow-lists, until the upgrade is complete.
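The log review described under Proactive Monitoring, as an added example written for this page (not CrowdStrike's code or tooling): a small Python scanner that canonicalizes each request path (percent-decoding repeatedly and normalizing backslashes) before checking for a `..` segment, so encoded and double-encoded traversal is caught while filenames that merely contain dots (such as app..js) are not flagged. The sample access-log lines are constructed, and the `/api/v1/cluster/` prefix used as a filter is an assumption; the advisory does not name the affected endpoint.

```python
import re
import urllib.parse
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample access-log lines in combined log format (not real LogScale logs).
# The /api/v1/cluster/ path is a placeholder for the unnamed cluster API endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2026:10:01:02 +0000] "GET /api/v1/status HTTP/1.1" 200 512
198.51.100.23 - - [12/Mar/2026:10:01:09 +0000] "GET /api/v1/cluster/../../../../etc/passwd HTTP/1.1" 200 1842
198.51.100.23 - - [12/Mar/2026:10:01:11 +0000] "GET /api/v1/cluster/%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 905
198.51.100.23 - - [12/Mar/2026:10:01:15 +0000] "GET /api/v1/cluster/..%252f..%252fconf HTTP/1.1" 404 120
10.0.0.9 - - [12/Mar/2026:10:02:00 +0000] "POST /api/v1/ingest HTTP/1.1" 200 2
10.0.0.9 - - [12/Mar/2026:10:02:30 +0000] "GET /static/app..js HTTP/1.1" 200 44
"""

# Pulls method, request path and status code out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"\s+(?P<status>\d{3})')


@dataclass
class Finding:
    src: str        # client address from the log line
    path: str       # request path exactly as logged
    canonical: str  # decoded, normalized form that was actually tested
    status: int     # HTTP status; 200 suggests the file was served


def canonical_path(raw: str) -> str:
    """Strip the query string, percent-decode until stable (bounded, so
    double-encoded %252e%252e%252f collapses to ../), and treat backslashes
    as path separators so ..\\ variants are caught too."""
    path = raw.split("?", 1)[0]
    for _ in range(3):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(raw_path: str) -> bool:
    """True only when a whole path segment is '..'; 'app..js' is not traversal."""
    return ".." in canonical_path(raw_path).split("/")


def scan(log_text: str, api_prefix: Optional[str] = None) -> List[Finding]:
    """Return traversal attempts in the log, optionally limited to requests whose
    canonical path starts with api_prefix (e.g. the cluster API base path)."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw = m.group("path")
        canon = canonical_path(raw)
        if api_prefix and not canon.startswith(api_prefix):
            continue
        if has_traversal(raw):
            findings.append(Finding(line.split(" ", 1)[0], raw, canon, int(m.group("status"))))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG, api_prefix="/api/v1/cluster/"):
        flag = "LIKELY DISCLOSURE" if f.status == 200 else "attempt"
        print(f"{flag}: {f.src} {f.path} -> {f.canonical} ({f.status})")
```

Run the block as-is to scan the embedded sample; point `scan()` at your own access-log text and set `api_prefix` to the real cluster API base path once it is known. The canonical path is kept in each finding so analysts can see what the server would have resolved, and 200 responses are called out because they are the ones where a file was most likely returned.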
Exploitation status
Public Exploit Available: No
Analyst recommendation
CrowdStrike has confirmed this vulnerability and has already mitigated it for SaaS customers. Self-hosted customers should prioritize upgrading to the latest release to close off unauthorized file access, and restrict network exposure of the cluster API in the meantime.