Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NElastic Logstash
APPElastic≤ 2.3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2019-7612CRITICAL9.8ten sam produkt
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed...
CVE-2026-33466HIGH8.1ten sam produkt
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...
CVE-2023-46672HIGH8.4ten sam produkt
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific c...
CVE-2019-7620HIGH7.5ten sam produkt
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. ...
CVE-2015-5378HIGH7.5ten sam produkt
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logs...