First published: Fri Jun 16 2017
In Logstash prior to version 2.3.4, the Elasticsearch Output plugin would write HTTP authorization headers to its log file, and these headers could contain sensitive information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/logstash-core | <2.3.4 | 2.3.4 |
Logstash Output Plugin for Elasticsearch | <=2.3.3 | |
CVE-2016-1000221 is classified as a medium-severity vulnerability due to the potential exposure of sensitive information.
CVE-2016-1000221 can expose HTTP authorization headers that may contain sensitive credentials.
To mitigate CVE-2016-1000221, upgrade Logstash to version 2.3.4 or later.
CVE-2016-1000221 affects all versions of Logstash prior to 2.3.4.
CVE-2016-1000221 specifically impacts the Elasticsearch Output plugin of Logstash.
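Upgrading stops new leaks, but headers already written to log files remain there. The following is an added example, not code from this advisory or from the Logstash project: it scans log lines for HTTP Authorization header values, reports the scheme and (for Basic) the user name whose password needs rotating, and returns a redacted copy of each line. The sample log lines are constructed, and because the page does not show the layout the affected plugin wrote, the pattern matches the header generically.

```python
import base64
import binascii
import re

# Matches the header however the logger serialised it, for example
#   Authorization: Basic abc    or    "Authorization"=>"Basic abc"
AUTH_RE = re.compile(
    r"""authorization["']?\s*(?::|=>|=)\s*["']?(?P<scheme>Basic|Bearer)\s+(?P<cred>[A-Za-z0-9+/=._~-]+)""",
    re.IGNORECASE,
)

def basic_username(cred):
    """Return the user name inside a Basic credential, or None if it does not decode."""
    try:
        decoded = base64.b64decode(cred, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep else None

def redact(line):
    """Replace every credential in the line, keeping the header name and scheme."""
    return AUTH_RE.sub(lambda m: m.group(0)[: m.start("cred") - m.start()] + "[REDACTED]", line)

def scan(lines):
    """Yield (line_no, scheme, username, redacted_line) for each leaked header."""
    for line_no, line in enumerate(lines, start=1):
        for m in AUTH_RE.finditer(line):
            scheme = m.group("scheme").lower()
            user = basic_username(m.group("cred")) if scheme == "basic" else None
            yield line_no, scheme, user, redact(line)

# Constructed sample input (not real Logstash output, not real credentials).
SAMPLE_CRED = base64.b64encode(b"logstash:s3cr3t").decode()
SAMPLE_LOG = [
    '{:timestamp=>"2016-07-01T10:00:00", :message=>"Pipeline started", :level=>:info}',
    '{:message=>"Request failed", :headers=>{"Authorization"=>"Basic %s"}, :level=>:error}' % SAMPLE_CRED,
    "PUT /_bulk HTTP/1.1 Authorization: Bearer abc.def.ghi",
]

if __name__ == "__main__":
    for line_no, scheme, user, redacted in scan(SAMPLE_LOG):
        print(f"line {line_no}: {scheme} credential (user={user}) -> {redacted}")
```

Any account reported this way should have its password or token rotated, since the log file may have been readable by other users or shipped to other systems.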