CVE-2019-7612
First published: Mon Mar 25 2019(Updated: )
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Logstash | <5.6.15 | |
| Elastic Logstash | >=6.0.0<6.6.1 | |
| Netapp Active Iq Performance Analytics Services |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Logstash flaw?
The vulnerability ID for this Logstash flaw is CVE-2019-7612.
What is the severity of CVE-2019-7612?
The severity of CVE-2019-7612 is critical with a CVSS score of 9.8.
Which versions of Logstash are affected by CVE-2019-7612?
Logstash versions before 5.6.15 and 6.6.1 are affected by CVE-2019-7612.
What is the impact of CVE-2019-7612?
CVE-2019-7612 can result in the disclosure of sensitive data if a malformed URL is specified in the Logstash configuration.
How can I fix CVE-2019-7612?
To fix CVE-2019-7612, upgrade to Logstash version 5.6.15 or 6.6.1.
- collector/nvd-index
- agent/softwarecombine
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/type
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/elastic
- canonical/elastic logstash
- version/elastic logstash/6.0.0
- vendor/netapp
- canonical/netapp active iq performance analytics services