First published: Mon Mar 25 2019
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 log malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Credit: bressers@elastic.co
Affected Software | Affected Version | How to fix |
---|---|---|
Elastic Logstash | <5.6.15 | |
Elastic Logstash | >=6.0.0<6.6.1 | |
NetApp Active IQ Performance Analytics Services | | |
<5.6.15 | ||
>=6.0.0<6.6.1 | ||
The vulnerability ID for this Logstash flaw is CVE-2019-7612.
The severity of CVE-2019-7612 is critical with a CVSS score of 9.8.
Logstash versions before 5.6.15 and 6.6.1 are affected by CVE-2019-7612.
CVE-2019-7612 can result in the disclosure of sensitive data if a malformed URL is specified in the Logstash configuration.
To fix CVE-2019-7612, upgrade to Logstash version 5.6.15 or 6.6.1.
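The class of flaw described above, as an added Ruby example (not Logstash's own code): an error path that echoes a malformed URL into a log line, a hardened variant that masks the userinfo first, and a check for log lines that still carry credentials. All function names and the sample URL are constructed for illustration.

```ruby
require "uri"

# Constructed sample: malformed URL (space in the host) with embedded credentials.
SAMPLE_URL = "http://elastic:s3cr3t@es node1:9200"

# Mask everything between "://" and the last "@" of each URL-like token.
# Deliberately greedy: a password containing "/" or "@" is still covered,
# at the cost of sometimes masking more than the userinfo.
def redact_userinfo(text)
  text.gsub(%r{(?<=://)[^\s"']*@}, "<redacted>@")
end

# Vulnerable pattern: the raw configured value and the parser's message
# (which quotes the input) are written to the log unchanged.
def error_line_unsafe(raw)
  URI.parse(raw)
  nil
rescue URI::InvalidURIError => e
  "Invalid URL #{raw}: #{e.message}"
end

# Hardened pattern: redact the whole message before it reaches the logger.
def error_line_safe(raw)
  URI.parse(raw)
  nil
rescue URI::InvalidURIError => e
  redact_userinfo("Invalid URL #{raw}: #{e.message}")
end

# Detection: select log lines that contain user:password@ inside a URL.
def leaked_lines(lines)
  lines.select { |line| line.match?(%r{://[^\s/@"']+:[^\s"']+@}) }
end

if __FILE__ == $PROGRAM_NAME
  puts error_line_unsafe(SAMPLE_URL)
  puts error_line_safe(SAMPLE_URL)
end
```

Running `leaked_lines` over log files written before the upgrade shows whether credentials were already recorded and need rotating.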