EIQ-2019-0015
ID |
EIQ-2019-0015 |
CVE |
|
Description |
Logstash could log credentials of malformed URLs |
Date |
12 Mar 2019 |
Severity |
3 - HIGH |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
2.3.4 |
Assessment |
A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. A local attacker could obtain URL credentials by viewing the error log. |
Mitigation |
Upgrade to Logstash 5.6.15 or 6.6.1. |
Affected versions |
2.3.3 and earlier. |
Notes |
- |
< Back to all security issues and mitigation actions
In release notes 2.3.4