Lucene search
K
ElasticLogstash

13 matches found

CVE
CVE
added 2019/03/25 6:34 p.m.161 views

CVE-2019-7612

CVE-2019-7612 affects Logstash: versions before 5.6.15 and 6.6.1 are vulnerable to a sensitive data disclosure where credentials used in a URL can be logged in error messages due to malformed URL logging. Root cause: improper handling of URL logging in Logstash configuration. Impact: potential ex...

9.8CVSS9.1AI score0.02407EPSS
CVE
CVE
added 2018/03/30 8:0 p.m.97 views

CVE-2018-3817

CVE-2018-3817 : Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information when emitting warnings about deprecated settings. Impact : information disclosure if deprecated settings are logged. Affected versions : Logstash <5.6.6 and

6.5CVSS6.4AI score0.01037EPSS
CVE
CVE
added 2023/11/15 8:5 a.m.91 views

CVE-2023-46672

CVE-2023-46672 affects Elastic Logstash. Under specific conditions, sensitive data can be recorded in Logstash logs: Logstash must be configured to log in JSON format (not the default) and a variable in the Logstash configuration must reference data stored in the Logstash keystore. Affected versi...

8.4CVSS6.1AI score0.00338EPSS
CVE
CVE
added 2021/05/13 5:35 p.m.88 views

CVE-2021-22138

CVE-2021-22138 : Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 contain a TLS certificate validation flaw in the monitoring feature. When a trusted server CA certificate is specified, Logstash may fail to properly verify the monitoring server’s certificate, enabling a possible man-in-...

4.3CVSS4AI score0.00459EPSS
CVE
CVE
added 2019/10/30 1:38 p.m.79 views

CVE-2019-7620

CVE-2019-7620 is a DoS in Elastic Logstash Beats input caused by processing specially crafted network packets. Affected releases include Logstash before 7.4.1 and 6.8.4. Remediation, where available in the connected docs, is to apply the security updates/fixes (e.g., Logstash patch versions 7.4.1...

7.5CVSS7.2AI score0.0153EPSS
CVE
CVE
added 2015/06/15 3:0 p.m.61 views

CVE-2015-4152

CVE-2015-4152 describes a directory traversal vulnerability in the Elasticsearch Logstash file output plugin prior to 1.4.3. The issue arises from dynamic field references in the path option, enabling remote attackers to write to arbitrary files with the privileges of the Logstash user. Public so...

6.4CVSS6.7AI score0.0303EPSS
CVE
CVE
added 2014/07/22 2:0 p.m.60 views

CVE-2014-4326

CVE-2014-4326 affects Elastic/Logstash prior to 1.4.2 when configured with the Zabbix or Nagios outputs. A crafted event sent to the outputs/ handlers (zabbix.rb or nagios_nsca.rb) allows remote code execution, enabling an attacker to run arbitrary OS commands. Affected versions are Logstash 1.0....

7.5CVSS7.5AI score0.03297EPSS
CVE
CVE
added 2017/06/27 8:0 p.m.56 views

CVE-2015-5378

Elastic Logstash versions prior to 1.5.3 (1.5.x) and prior to 1.4.4 (1.4.x) are vulnerable to a SSL/TLS FREAK-based man-in-the-middle bypass when using the Lumberjack input in combination with Logstash Forwarder. This allows an attacker to intercept and potentially read the communications between...

7.5CVSS7.3AI score0.02462EPSS
CVE
CVE
added 2017/06/16 9:0 p.m.56 views

CVE-2016-1000221

The CVE refers to Elastic Stack: Logstash prior to version 2.3.4 with the Elasticsearch Output plugin could log HTTP Authorization headers to files, exposing sensitive information. Affected component/file: Logstash/Elasticsearch Output plugin; root cause: logging of sensitive HTTP headers. Impact...

7.5CVSS7.4AI score0.01765EPSS
CVE
CVE
added 2017/06/16 9:0 p.m.54 views

CVE-2016-1000222

Elastic Logstash before version 2.1.2 is vulnerable to input crafted to place malicious formulas in CSV output, as described by CVE-2016-1000222. The issue arises in the CSV writer when processing engineered input. Affected product: Elastic Logstash (CSV output). Root cause: CSV generation accept...

7.5CVSS7.4AI score0.01129EPSS
CVE
CVE
added 2017/06/16 9:0 p.m.54 views

CVE-2016-10363

CVE-2016-10363 affects Logstash versions prior to 2.3.3 when using the Netflow Codec plugin. A remote attacker can craft malicious Netflow v5, Netflow v9, or IPFIX packets, exploiting errors not handled by the codec and causing the Logstash process to exit (denial of service). Impact details are ...

7.5CVSS7.5AI score0.01315EPSS
CVE
CVE
added 2017/08/09 4:0 p.m.52 views

CVE-2015-5619

CVE-2015-5619 affects Logstash 1.4.x (<1.4.5) and 1.5.x (

5.9CVSS5.4AI score0.01219EPSS
CVE
CVE
added 2026/04/08 4:50 p.m.36 views

CVE-2026-33466

CVE-2026-33466 affects Logstash by improper limitation of a pathname to a restricted directory (CWE-22). The archive extraction utilities do not validate file paths inside archives, allowing a crafted archive served via an attacker-controlled update endpoint to write arbitrary files with Logstash...

9.8CVSS6.6AI score0.00545EPSS