6 matches found
Information Exposure
Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure. Elasticsearch Output plugin would log to file HTTP basic auth credentials when updating connections after sniffing. Remediation Upgrade logstash-core to...
Information Exposure
Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure. Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Remediation Upgrade logstash-core to...
Information Exposure
Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure due to allowing remote attackers to read communications between Logstash Forwarder agent and Logstash server. Remediation Upgrade logstash-core to version...
Improper Certificate Validation
Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Improper Certificate Validation due to not validating SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a...
Information Disclosure
logstash-core is vulnerable to information disclosure attacks. The vulnerability exists when a malformed URI is used, and credentials can be logged in error messages, causing information disclosure attacks...
Information Disclosure Through Logs
logstash-core is vulnerable to information disclosure. The vulnerability is possible because it logs information from HTTP authorization headers which could contain sensitive information. Users who use secure communication from logstash to elasticsearch via basic authorization using elastic shiel...