CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-7612

CVSS 9.8v3.1pub. 2019-03-25upd. 2024-11-21

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Elastic Logstash

    APP
    Elastic
    < 5.6.156.0.0 – 6.6.1 (bez)
  • Netapp Active Iq Performance Analytics Services

    APP
    Netapp
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-33466HIGH8.1ten sam produkt

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...

CVE-2023-46672HIGH8.4ten sam produkt

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific c...

CVE-2019-7620HIGH7.5ten sam produkt

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. ...

CVE-2019-7221HIGH7.8ten sam produkt

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

CVE-2018-17182HIGH7.8ten sam produkt

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c m...