CVE-2017-14730

Name of the Vulnerable Software and Affected Versions logstash-bin versions prior to 5.5.3 logstash-bin versions 5.6.x prior to 5.6.1

Description The issue allows local users to gain privileges by creating a hard link in a user-writable directory tree. This is due to the init script having "chown -R" calls, which can be leveraged by users with access to a $LS USER account.

Recommendations For logstash-bin versions prior to 5.5.3, update to version 5.5.3 or later. For logstash-bin versions 5.6.x prior to 5.6.1, update to version 5.6.1 or later.