Vulnerabilities for 'Logstash'

2019-03-25
 
CVE-2019-7612

CWE-255
 

 
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 log malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

 
2018-03-30
 
CVE-2018-3817

CWE-200
 

 
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.

 
2017-06-16
 
CVE-2016-10363

CWE-404
 

 
In Logstash versions prior to 2.3.3, when the Netflow Codec plugin is in use, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

 



Copyright 2020, cxsecurity.com

 
