Search criteria
33 vulnerabilities found for Logstash by Elastic
CERTFR-2025-AVI-0377
Vulnerability from certfr_avis - Published: 2025-05-07 - Updated: 2025-05-07
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Elastic | Kibana | Kibana versions antérieures à 8.17.6 | ||
| Elastic | Logstash | Logstash versions 8.18.x antérieures à 8.18.1 | ||
| Elastic | Logstash | Logstash versions antérieures à 8.17.6 | ||
| Elastic | Kibana | Kibana versions 8.18.x antérieures à 8.18.1 | ||
| Elastic | Logstash | Logstash versions 9.0.x antérieures à 9.0.1 | ||
| Elastic | Kibana | Kibana versions 9.0.x antérieures à 9.0.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Kibana versions ant\u00e9rieures \u00e0 8.17.6",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Logstash versions 8.18.x ant\u00e9rieures \u00e0 8.18.1",
"product": {
"name": "Logstash",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Logstash versions ant\u00e9rieures \u00e0 8.17.6",
"product": {
"name": "Logstash",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 8.18.x ant\u00e9rieures \u00e0 8.18.1",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Logstash versions 9.0.x ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": "Logstash",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 9.0.x ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-37730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37730"
},
{
"name": "CVE-2025-25014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25014"
}
],
"initial_release_date": "2025-05-07T00:00:00",
"last_revision_date": "2025-05-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0377",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
"vendor_advisories": [
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-07",
"url": "https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-08",
"url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869"
}
]
}
CERTFR-2025-AVI-0359
Vulnerability from certfr_avis - Published: 2025-05-02 - Updated: 2025-05-02
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Elastic | Elasticsearch | Elasticsearch versions antérieures à 7.17.25 | ||
| Elastic | Kibana | Kibana versions 7.17.x postérieures à 7.14.6 et antérieures à 7.17.24 | ||
| Elastic | APM Server | APM Server versions 8.x antérieures à 8.16.1 | ||
| Elastic | Elasticsearch | Elasticsearch versions antérieures à 8.16.0 | ||
| Elastic | Logstash | Logstash versions 8.15.x antérieures à 8.15.3 | ||
| Elastic | Elastic Agent | Elastic Agent versions antérieures à 8.15.4 | ||
| Elastic | Elastic Agent | Elastic Agent versions antérieures à 7.17.25 | ||
| Elastic | Kibana | Kibana versions 8.x antérieures à 8.13.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Elasticsearch versions ant\u00e9rieures \u00e0 7.17.25",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 7.17.x post\u00e9rieures \u00e0 7.14.6 et ant\u00e9rieures \u00e0 7.17.24",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "APM Server versions 8.x ant\u00e9rieures \u00e0 8.16.1",
"product": {
"name": "APM Server",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions ant\u00e9rieures \u00e0 8.16.0",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Logstash versions 8.15.x ant\u00e9rieures \u00e0 8.15.3",
"product": {
"name": "Logstash",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elastic Agent versions ant\u00e9rieures \u00e0 8.15.4",
"product": {
"name": "Elastic Agent",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elastic Agent versions ant\u00e9rieures \u00e0 7.17.25",
"product": {
"name": "Elastic Agent",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 8.x ant\u00e9rieures \u00e0 8.13.0",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2023-46669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46669"
},
{
"name": "CVE-2024-52979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
},
{
"name": "CVE-2024-11994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11994"
},
{
"name": "CVE-2024-11390",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11390"
},
{
"name": "CVE-2025-25016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25016"
},
{
"name": "CVE-2024-52976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52976"
}
],
"initial_release_date": "2025-05-02T00:00:00",
"last_revision_date": "2025-05-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0359",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
"vendor_advisories": [
{
"published_at": "2025-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-47",
"url": "https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711"
},
{
"published_at": "2025-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-39",
"url": "https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708"
},
{
"published_at": "2025-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-03",
"url": "https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706"
},
{
"published_at": "2025-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-20",
"url": "https://discuss.elastic.co/t/kibana-7-17-24-and-8-12-0-security-update-esa-2024-20/377712"
},
{
"published_at": "2025-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-38",
"url": "https://discuss.elastic.co/t/logstash-8-15-3-security-update-esa-2024-38/377707"
},
{
"published_at": "2025-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-40",
"url": "https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709"
},
{
"published_at": "2025-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-41",
"url": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710"
}
]
}
CERTFR-2025-AVI-0298
Vulnerability from certfr_avis - Published: 2025-04-09 - Updated: 2025-04-09
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Elastic | Kibana | Kibana versions 8.17.x antérieures à 8.17.2 | ||
| Elastic | Logstash | Logstash versions antérieures à 8.15.3 | ||
| Elastic | Elastic Defend | Elastic Defend versions antérieures à 8.17.3 | ||
| Elastic | Kibana | Kibana versions 8.16.x antérieures à 8.16.4 | ||
| Elastic | Kibana | Kibana versions 7.17.x antérieures à 7.17.23 | ||
| Elastic | Kibana | Kibana versions 8.15.x antérieures à 8.15.1 | ||
| Elastic | Elasticsearch | Elasticsearch versions 8.15.x antérieures à 8.15.1 | ||
| Elastic | Elasticsearch | Elasticsearch versions 7.17.x antérieures à 7.17.24 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Kibana versions 8.17.x ant\u00e9rieures \u00e0 8.17.2",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Logstash versions ant\u00e9rieures \u00e0 8.15.3",
"product": {
"name": "Logstash",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elastic Defend versions ant\u00e9rieures \u00e0 8.17.3",
"product": {
"name": "Elastic Defend",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 8.16.x ant\u00e9rieures \u00e0 8.16.4",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 7.17.x ant\u00e9rieures \u00e0 7.17.23",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 8.15.x ant\u00e9rieures \u00e0 8.15.1",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 8.15.x ant\u00e9rieures \u00e0 8.15.1",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 7.17.x ant\u00e9rieures \u00e0 7.17.24",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-12556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12556"
},
{
"name": "CVE-2024-43380",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43380"
},
{
"name": "CVE-2024-52980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52980"
},
{
"name": "CVE-2025-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25013"
},
{
"name": "CVE-2024-52974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52974"
},
{
"name": "CVE-2024-52981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52981"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
}
],
"initial_release_date": "2025-04-09T00:00:00",
"last_revision_date": "2025-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0298",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-37",
"url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-02",
"url": "https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-security-update-esa-2025-02/376918"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-35",
"url": "https://discuss.elastic.co/t/logstash-8-15-1-security-update-esa-2024-35/376920"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-34",
"url": "https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-05",
"url": "https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-48",
"url": "https://discuss.elastic.co/t/logstash-8-15-3-8-16-0-security-update-esa-2024-48/376922"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-36",
"url": "https://discuss.elastic.co/t/kibana-7-17-23-and-8-15-1-security-update-esa-2024-36/376923"
}
]
}
CVE-2025-37730 (GCVE-0-2025-37730)
Vulnerability from nvd – Published: 2025-05-06 17:29 – Updated: 2025-05-06 17:51
VLAI?
Title
Logstash Improper Certificate Validation in TCP output
Summary
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T17:51:38.262496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:51:59.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Logstash",
"repo": "https://github.com/elastic/logstash",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.17.6",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThan": "8.18.1",
"status": "affected",
"version": "8.18.0",
"versionType": "semver"
},
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eImproper certificate validation in Logstash\u0027s TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003essl_verification_mode =\u0026gt; full\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e was set.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Improper certificate validation in Logstash\u0027s TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode =\u003e full was set."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:29:07.189Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Logstash Improper Certificate Validation in TCP output",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-37730",
"datePublished": "2025-05-06T17:29:07.189Z",
"dateReserved": "2025-04-16T03:24:04.510Z",
"dateUpdated": "2025-05-06T17:51:59.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46672 (GCVE-0-2023-46672)
Vulnerability from nvd – Published: 2023-11-15 08:05 – Updated: 2025-02-13 17:14
VLAI?
Title
Logstash Insertion of Sensitive Information into Log File
Summary
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.
The prerequisites for the manifestation of this issue are:
* Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.
* Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
Severity ?
8.4 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240125-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240229-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.11.1",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-15T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.\u003c/p\u003e\u003cp\u003eThe prerequisites for the manifestation of this issue are:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eLogstash \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html\"\u003eis configured to log in JSON format\u003c/a\u003e, which is \u003cb\u003enot\u003c/b\u003e the default logging format.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eSensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.\n\nThe prerequisites for the manifestation of this issue are:\n\n * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.\n\n\n * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T21:05:53.301Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191"
},
{
"url": "https://www.elastic.co/community/security"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240229-0001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Logstash Insertion of Sensitive Information into Log File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2023-46672",
"datePublished": "2023-11-15T08:05:26.561Z",
"dateReserved": "2023-10-24T17:28:32.186Z",
"dateUpdated": "2025-02-13T17:14:31.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22138 (GCVE-0-2021-22138)
Vulnerability from nvd – Published: 2021-05-13 17:35 – Updated: 2024-08-03 18:30
VLAI?
Summary
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.
Severity ?
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Elasticsearch |
Affected:
after 6.4.0 and before 6.8.15 and 7.12.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210629-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "after 6.4.0 and before 6.8.15 and 7.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T09:06:14",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210629-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2021-22138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elasticsearch",
"version": {
"version_data": [
{
"version_value": "after 6.4.0 and before 6.8.15 and 7.12.0"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210629-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210629-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2021-22138",
"datePublished": "2021-05-13T17:35:19",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7620 (GCVE-0-2019-7620)
Vulnerability from nvd – Published: 2019-10-30 13:38 – Updated: 2024-08-04 20:54
VLAI?
Summary
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 7.4.1 and 6.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T13:38:40",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 7.4.1 and 6.8.4"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7620",
"datePublished": "2019-10-30T13:38:40",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7613 (GCVE-0-2019-7613)
Vulnerability from nvd – Published: 2019-03-25 18:34 – Updated: 2024-08-04 20:54
VLAI?
Summary
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
Severity ?
No CVSS data available.
CWE
- CWE-778 - Insufficient Logging
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.16 and 6.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T18:34:06",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.6.16 and 6.6.2"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-778: Insufficient Logging"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7613",
"datePublished": "2019-03-25T18:34:06",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7612 (GCVE-0-2019-7612)
Vulnerability from nvd – Published: 2019-03-25 18:34 – Updated: 2024-08-04 20:54
VLAI?
Summary
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Severity ?
No CVSS data available.
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.15 and 6.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T21:06:03",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190411-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7612",
"datePublished": "2019-03-25T18:34:06",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3817 (GCVE-0-2018-3817)
Vulnerability from nvd – Published: 2018-03-30 20:00 – Updated: 2024-08-05 04:57
VLAI?
Summary
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:22.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "Before 6.1.2 or 5.6.6"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T19:57:01",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2018-3817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "Before 6.1.2 or 5.6.6"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2018-3817",
"datePublished": "2018-03-30T20:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T04:57:22.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5619 (GCVE-0-2015-5619)
Vulnerability from nvd – Published: 2017-08-09 16:00 – Updated: 2024-08-06 06:59
VLAI?
Summary
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name": "20150821 Logstash vulnerability CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name": "20151106 CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "76455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name": "20150821 Logstash vulnerability CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name": "20151106 CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76455"
},
{
"name": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name": "20150821 Logstash vulnerability CVE-2015-5619",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name": "20151106 CVE-2015-5619",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5619",
"datePublished": "2017-08-09T16:00:00",
"dateReserved": "2015-07-22T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5378 (GCVE-0-2015-5378)
Vulnerability from nvd – Published: 2017-06-27 20:00 – Updated: 2024-08-06 06:50
VLAI?
Summary
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:00.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150721 Logstash vulnerability CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536050/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html"
},
{
"name": "20151106 CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536859/100/0/threaded"
},
{
"name": "76015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150721 Logstash vulnerability CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536050/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html"
},
{
"name": "20151106 CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536859/100/0/threaded"
},
{
"name": "76015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150721 Logstash vulnerability CVE-2015-5378",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536050/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html"
},
{
"name": "20151106 CVE-2015-5378",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536859/100/0/threaded"
},
{
"name": "76015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76015"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5378",
"datePublished": "2017-06-27T20:00:00",
"dateReserved": "2015-07-06T00:00:00",
"dateUpdated": "2024-08-06T06:50:00.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10363 (GCVE-0-2016-10363)
Vulnerability from nvd – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:21
VLAI?
Summary
Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
Severity ?
No CVSS data available.
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 2.3.3"
}
]
}
],
"datePublic": "2016-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T20:57:02",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2016-10363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 2.3.3"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2016-10363",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2017-05-02T00:00:00",
"dateUpdated": "2024-08-06T03:21:51.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10362 (GCVE-0-2016-10362)
Vulnerability from nvd – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:21
VLAI?
Summary
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
Severity ?
No CVSS data available.
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:50.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.0.1"
}
]
}
],
"datePublic": "2016-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-21T09:57:01",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2016-10362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.0.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2016-10362",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2017-05-02T00:00:00",
"dateUpdated": "2024-08-06T03:21:50.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1000222 (GCVE-0-2016-1000222)
Vulnerability from nvd – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:55
VLAI?
Summary
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T20:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1000222",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2016-09-12T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1000221 (GCVE-0-2016-1000221)
Vulnerability from nvd – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:55
VLAI?
Summary
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-20T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99126"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1000221",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2016-09-12T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4152 (GCVE-0-2015-4152)
Vulnerability from nvd – Published: 2015-06-15 15:00 – Updated: 2024-08-06 06:04
VLAI?
Summary
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150609 Logstash vulnerability CVE-2015-4152",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150609 Logstash vulnerability CVE-2015-4152",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150609 Logstash vulnerability CVE-2015-4152",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535725/100/0/threaded"
},
{
"name": "https://www.elastic.co/blog/logstash-1-4-3-released",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"name": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4152",
"datePublished": "2015-06-15T15:00:00",
"dateReserved": "2015-06-01T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-37730 (GCVE-0-2025-37730)
Vulnerability from cvelistv5 – Published: 2025-05-06 17:29 – Updated: 2025-05-06 17:51
VLAI?
Title
Logstash Improper Certificate Validation in TCP output
Summary
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T17:51:38.262496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:51:59.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Logstash",
"repo": "https://github.com/elastic/logstash",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.17.6",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThan": "8.18.1",
"status": "affected",
"version": "8.18.0",
"versionType": "semver"
},
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eImproper certificate validation in Logstash\u0027s TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003essl_verification_mode =\u0026gt; full\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e was set.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Improper certificate validation in Logstash\u0027s TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode =\u003e full was set."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:29:07.189Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Logstash Improper Certificate Validation in TCP output",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-37730",
"datePublished": "2025-05-06T17:29:07.189Z",
"dateReserved": "2025-04-16T03:24:04.510Z",
"dateUpdated": "2025-05-06T17:51:59.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46672 (GCVE-0-2023-46672)
Vulnerability from cvelistv5 – Published: 2023-11-15 08:05 – Updated: 2025-02-13 17:14
VLAI?
Title
Logstash Insertion of Sensitive Information into Log File
Summary
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.
The prerequisites for the manifestation of this issue are:
* Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.
* Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
Severity ?
8.4 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240125-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240229-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.11.1",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-15T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.\u003c/p\u003e\u003cp\u003eThe prerequisites for the manifestation of this issue are:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eLogstash \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html\"\u003eis configured to log in JSON format\u003c/a\u003e, which is \u003cb\u003enot\u003c/b\u003e the default logging format.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eSensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.\n\nThe prerequisites for the manifestation of this issue are:\n\n * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.\n\n\n * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T21:05:53.301Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191"
},
{
"url": "https://www.elastic.co/community/security"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240229-0001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Logstash Insertion of Sensitive Information into Log File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2023-46672",
"datePublished": "2023-11-15T08:05:26.561Z",
"dateReserved": "2023-10-24T17:28:32.186Z",
"dateUpdated": "2025-02-13T17:14:31.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22138 (GCVE-0-2021-22138)
Vulnerability from cvelistv5 – Published: 2021-05-13 17:35 – Updated: 2024-08-03 18:30
VLAI?
Summary
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.
Severity ?
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Elasticsearch |
Affected:
after 6.4.0 and before 6.8.15 and 7.12.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210629-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "after 6.4.0 and before 6.8.15 and 7.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T09:06:14",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210629-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2021-22138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elasticsearch",
"version": {
"version_data": [
{
"version_value": "after 6.4.0 and before 6.8.15 and 7.12.0"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210629-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210629-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2021-22138",
"datePublished": "2021-05-13T17:35:19",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7620 (GCVE-0-2019-7620)
Vulnerability from cvelistv5 – Published: 2019-10-30 13:38 – Updated: 2024-08-04 20:54
VLAI?
Summary
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 7.4.1 and 6.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T13:38:40",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 7.4.1 and 6.8.4"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7620",
"datePublished": "2019-10-30T13:38:40",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7613 (GCVE-0-2019-7613)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:34 – Updated: 2024-08-04 20:54
VLAI?
Summary
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
Severity ?
No CVSS data available.
CWE
- CWE-778 - Insufficient Logging
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.16 and 6.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T18:34:06",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.6.16 and 6.6.2"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-778: Insufficient Logging"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7613",
"datePublished": "2019-03-25T18:34:06",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7612 (GCVE-0-2019-7612)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:34 – Updated: 2024-08-04 20:54
VLAI?
Summary
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Severity ?
No CVSS data available.
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.15 and 6.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T21:06:03",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190411-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7612",
"datePublished": "2019-03-25T18:34:06",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3817 (GCVE-0-2018-3817)
Vulnerability from cvelistv5 – Published: 2018-03-30 20:00 – Updated: 2024-08-05 04:57
VLAI?
Summary
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:22.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "Before 6.1.2 or 5.6.6"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T19:57:01",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2018-3817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "Before 6.1.2 or 5.6.6"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2018-3817",
"datePublished": "2018-03-30T20:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T04:57:22.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5619 (GCVE-0-2015-5619)
Vulnerability from cvelistv5 – Published: 2017-08-09 16:00 – Updated: 2024-08-06 06:59
VLAI?
Summary
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name": "20150821 Logstash vulnerability CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name": "20151106 CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "76455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name": "20150821 Logstash vulnerability CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name": "20151106 CVE-2015-5619",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76455"
},
{
"name": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name": "20150821 Logstash vulnerability CVE-2015-5619",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name": "20151106 CVE-2015-5619",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5619",
"datePublished": "2017-08-09T16:00:00",
"dateReserved": "2015-07-22T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5378 (GCVE-0-2015-5378)
Vulnerability from cvelistv5 – Published: 2017-06-27 20:00 – Updated: 2024-08-06 06:50
VLAI?
Summary
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:00.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150721 Logstash vulnerability CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536050/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html"
},
{
"name": "20151106 CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536859/100/0/threaded"
},
{
"name": "76015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150721 Logstash vulnerability CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536050/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html"
},
{
"name": "20151106 CVE-2015-5378",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536859/100/0/threaded"
},
{
"name": "76015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150721 Logstash vulnerability CVE-2015-5378",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536050/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html"
},
{
"name": "20151106 CVE-2015-5378",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536859/100/0/threaded"
},
{
"name": "76015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76015"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5378",
"datePublished": "2017-06-27T20:00:00",
"dateReserved": "2015-07-06T00:00:00",
"dateUpdated": "2024-08-06T06:50:00.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1000222 (GCVE-0-2016-1000222)
Vulnerability from cvelistv5 – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:55
VLAI?
Summary
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T20:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1000222",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2016-09-12T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1000221 (GCVE-0-2016-1000221)
Vulnerability from cvelistv5 – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:55
VLAI?
Summary
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-20T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99126"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1000221",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2016-09-12T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10362 (GCVE-0-2016-10362)
Vulnerability from cvelistv5 – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:21
VLAI?
Summary
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
Severity ?
No CVSS data available.
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:50.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.0.1"
}
]
}
],
"datePublic": "2016-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-21T09:57:01",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2016-10362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.0.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2016-10362",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2017-05-02T00:00:00",
"dateUpdated": "2024-08-06T03:21:50.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10363 (GCVE-0-2016-10363)
Vulnerability from cvelistv5 – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:21
VLAI?
Summary
Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
Severity ?
No CVSS data available.
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 2.3.3"
}
]
}
],
"datePublic": "2016-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T20:57:02",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2016-10363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 2.3.3"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2016-10363",
"datePublished": "2017-06-16T21:00:00",
"dateReserved": "2017-05-02T00:00:00",
"dateUpdated": "2024-08-06T03:21:51.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}