440 matches found
CVE-2021-22138
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in...
CVE-2022-31520
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2019-7620
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...
CVE-2019-7612
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message...
CVE-2025-67735 vulnerabilities
Vulnerabilities for packages: flyway, wavefront-proxy, logstash, zipkin, apicurio-registry, celeborn, keycloak, wildfly, akhq, logstash-input-http, spark, sonarqube, kserve-modelmesh, infinispan, apache-pulsar, management-api-for-apache-cassandra-5.0, trino, docker-selenium, druid,...
GHSA-84H7-RJJ3-6JX4 vulnerabilities
Vulnerabilities for packages: flyway, wavefront-proxy, logstash, zipkin, apicurio-registry, celeborn, keycloak, wildfly, akhq, logstash-input-http, spark, sonarqube, kserve-modelmesh, infinispan, apache-pulsar, management-api-for-apache-cassandra-5.0, trino, docker-selenium, druid,...
GHSA-84H7-RJJ3-6JX4 vulnerabilities
Vulnerabilities for packages: logstash-input-http, tez, elasticsearch-fips, flyway, spark-fips, wildfly, keycloak-fips, apache-nifi, localstack, knative-kafka-broker, apache-activemq-artemis, grpc-java-fips, trino, apache-hop-fips, management-api-for-apache-cassandra-4.1, kafka-bridge, apache-hop...
CVE-2025-67735 vulnerabilities
Vulnerabilities for packages: logstash-input-http, tez, elasticsearch-fips, flyway, spark-fips, wildfly, keycloak-fips, apache-nifi, localstack, knative-kafka-broker, apache-activemq-artemis, grpc-java-fips, trino, apache-hop-fips, management-api-for-apache-cassandra-4.1, kafka-bridge, apache-hop...
CVE-2025-34274
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
EUVD-2025-37221
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274
Nagios Log Server (pre-2024R2.0.3) contains an execution with unnecessary privileges due to embedding a Logstash process running as root. If an attacker compromises Logstash (e.g., via insecure plugins, pipeline config injection, or input parsing vulnerabilities), they could execute code with roo...
CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
Nagios Log Server 安全漏洞
Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3, which stems from the embedded Logstash process running as root user, which could lead to an attacker...
PT-2025-44517
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R2.0.3 Description The software runs its embedded Logstash process as the root user, leading to a situation where an attacker compromising the Logstash process could execute code with root privileges,...
GHSA-MR3Q-G2MV-MR4Q vulnerabilities
Vulnerabilities for packages: logstash...
CVE-2025-61921 vulnerabilities
Vulnerabilities for packages: logstash...
CVE-2025-61921 vulnerabilities
Vulnerabilities for packages: logstash, gitlab-cng...