logstash-core is vulnerable to information disclosure attacks. The vulnerability exists when a malformed URI is used, and credentials can be logged in error messages, causing information disclosure attacks.
CPE | Name | Operator | Version |
---|---|---|---|
logstash-core | le | 6.6.0 | |
logstash-core | le | 5.6.14 |
discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
github.com/elastic/logstash/commit/c014aa71fdef5d83797c72ff5649f23a1fa020ab
github.com/elastic/logstash/commit/d11aa5a873f9314113977b950a50029a8e8c5e66
github.com/elastic/logstash/pull/10414
security.netapp.com/advisory/ntap-20190411-0002/
www.elastic.co/community/security