EIQ-2019-0015#
ID |
EIQ-2019-0015 |
|---|---|
CVE |
|
Description |
Logstash could log credentials of malformed URLs |
Date |
12 Mar 2019 |
Severity |
3 - HIGH |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
✅ 2.3.4 |
Assessment |
A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. A local attacker could obtain URL credentials by viewing the error log. |
Mitigation |
Upgrade to Logstash 5.6.15 or 6.6.1. |
Affected versions |
2.3.3 and earlier. |
Notes |
- |