Elastic Logstash 1.5.0 Release Candidate 3

CPE Details

Elastic Logstash 1.5.0 Release Candidate 3
elastic
logstash
1.5.0
2019-06-17
13h42 +00:00
2019-06-17
13h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:elastic:logstash:1.5.0:rc3:*:*:*:*:*:*

Informations

Vendor

elastic

Product

logstash

Version

1.5.0

Update

rc3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-7612 2019-03-25 17h34 +00:00 A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
9.8
Critical
CVE-2018-3817 2018-03-30 18h00 +00:00 When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
6.5
Medium
CVE-2016-1000221 2017-06-16 19h00 +00:00 Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
7.5
High
CVE-2016-1000222 2017-06-16 19h00 +00:00 Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
7.5
High
CVE-2016-10363 2017-06-16 19h00 +00:00 Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
7.5
High