datalust / seq-tickets

Issues, design discussions and feature roadmap for the Seq log server
https://datalust.co/seq

Update `Microsoft.Data.SqlClient`, which is vulnerable to CVE-2024-0056 #2066

Closed nblumhardt closed 8 months ago

nblumhardt commented 8 months ago

Seq has the option to use Microsoft SQL Server as a backing store for metadata such as users, signals, dashboards, and alerts.

Versions of Microsoft.Data.SqlClient prior to 5.1.3 are vulnerable to AiTM (adversary-in-the-middle) attack, allowing an attacker with access to the network traffic between an affected client application and SQL Server to intercept traffic and potentially obtain the credentials used in establishing the connection.

Earlier Seq releases use vulnerable versions of the package, and should be updated if SQL Server metadata storage is in use.

Fixed in versions: 2023.4.10949 and 2024.1.10951-pre

Full description: https://github.com/dotnet/announcements/issues/292
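A dependency check a defender could run against a .NET project file, as an added example that is not part of the issue or the Seq project: it flags `PackageReference` entries for `Microsoft.Data.SqlClient` whose version is below the 5.1.3 threshold quoted above. The sample csproj is constructed, and NuGet version ranges or floating versions are not modelled.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

PACKAGE = "Microsoft.Data.SqlClient"
FIXED_VERSION = "5.1.3"  # threshold stated in the issue above (assumption: single branch)

# Constructed sample project file; not taken from Seq.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.1.1" />
    <PackageReference Include="Serilog" Version="3.1.1" />
  </ItemGroup>
</Project>"""

_VERSION_RE = re.compile(r"\d+(\.\d+)*(-[0-9A-Za-z.\-]+)?")


def parse_version(text: str) -> Tuple[Tuple[int, ...], Optional[str]]:
    """Split a NuGet-style version into padded numeric parts and an optional prerelease tag."""
    core, _, pre = text.partition("-")
    nums = tuple(int(p) for p in core.split("."))
    nums += (0,) * (4 - len(nums))  # normalise 5.1 -> 5.1.0.0 so tuples compare evenly
    return nums, (pre or None)


def is_vulnerable(version: str) -> bool:
    """True when the version sorts below the fixed release (prerelease of 5.1.3 counts as below)."""
    nums, pre = parse_version(version)
    fixed, _ = parse_version(FIXED_VERSION)
    if nums != fixed:
        return nums < fixed
    return pre is not None


def find_vulnerable_references(csproj_xml: str) -> List[str]:
    """Return the versions of PackageReference entries for the affected package that need updating."""
    root = ET.fromstring(csproj_xml)
    hits = []
    for elem in root.iter():
        if elem.tag.split("}")[-1] != "PackageReference" or elem.get("Include") != PACKAGE:
            continue
        version = (elem.get("Version") or elem.findtext("Version") or "").strip()
        # Skip ranges such as "[5.0.0,6.0.0)" or floating "5.*"; they need manual review.
        if _VERSION_RE.fullmatch(version) and is_vulnerable(version):
            hits.append(version)
    return hits


if __name__ == "__main__":
    print(find_vulnerable_references(SAMPLE_CSPROJ))
```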