Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HElastic Logstash
APPElastic6.0.0 – 6.8.4 (bez)7.0.0 – 7.4.1 (bez)
Powiązane podatności
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed...
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific c...
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logs...
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers whic...