A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HElastic Logstash
APPElastic< 5.6.156.0.0 – 6.6.1 (bez)Netapp Active Iq Performance Analytics Services
APPNetappwszystkie wersje
Powiązane podatności
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific c...
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. ...
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c m...