HIGH✓ PATCH🇬🇧 English

CVE-2023-46672

CVSS 8.4v3.1pub. 2023-11-15upd. 2025-02-13

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  • Elastic Logstash

    APP
    Elastic
    7.12.18.10.0 – 8.11.1 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2019-7612CRITICAL9.8ten sam produkt

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed...

CVE-2026-33466HIGH8.1ten sam produkt

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...

CVE-2019-7620HIGH7.5ten sam produkt

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. ...

CVE-2015-5378HIGH7.5ten sam produkt

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logs...

CVE-2016-1000221HIGH7.5ten sam produkt

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers whic...

CVE-2023-46672 — HIGH 8.4 | CVEbaza.pl