HIGH🇵🇱 Wersja polska

CVE-2016-1000221

CVSS 7.5v3.0pub. 2017-06-16upd. 2026-05-13

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Elastic Logstash

    APP
    Elastic
    ≤ 2.3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-7612CRITICAL9.8ten sam produkt

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed...

CVE-2026-33466HIGH8.1ten sam produkt

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...

CVE-2023-46672HIGH8.4ten sam produkt

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific c...

CVE-2019-7620HIGH7.5ten sam produkt

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. ...

CVE-2015-5378HIGH7.5ten sam produkt

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logs...