Elastic Logstash 6.4.1

CPE Details

Elastic Logstash 6.4.1
elastic
logstash
6.4.1
2019-06-17
13h43 +00:00
2019-06-17
13h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:elastic:logstash:6.4.1:*:*:*:*:*:*:*

Informations

Vendor

elastic

Product

logstash

Version

6.4.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-22138 2021-05-13 15h35 +00:00 In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.
3.7
Low
CVE-2019-7620 2019-10-30 12h38 +00:00 Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.
7.5
High
CVE-2019-7612 2019-03-25 17h34 +00:00 A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
9.8
Critical