Elastic Logstash 2.0.0 Beta 3

CPE Details

Elastic Logstash 2.0.0 Beta 3
elastic
logstash
2.0.0
2019-06-17
13h42 +00:00
2019-06-17
13h42 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:elastic:logstash:2.0.0:beta3:*:*:*:*:*:*

Informations

Vendor

elastic

Product

logstash

Version

2.0.0

Update

beta3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-7612 2019-03-25 17h34 +00:00 A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
9.8
Critique
CVE-2018-3817 2018-03-30 18h00 +00:00 When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
6.5
Moyen
CVE-2016-1000221 2017-06-16 19h00 +00:00 Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
7.5
Haute
CVE-2016-1000222 2017-06-16 19h00 +00:00 Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
7.5
Haute
CVE-2016-10363 2017-06-16 19h00 +00:00 Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
7.5
Haute