PT-2017-7878 · Elastic · Logstash

Publicado

2017-06-16

·

Atualizado

2022-05-13

·

CVE-2016-10362

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Logstash versions prior to 5.0.1
Description The issue concerns the Elasticsearch Output plugin in Logstash. When updating connections after sniffing, the plugin would log HTTP basic auth credentials to a file.
Recommendations For versions prior to 5.0.1, update to version 5.0.1 or later to resolve the issue.

Correção

Information Disclosure

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-532

Identificadores relacionados

CVE-2016-10362
GHSA-3GG4-6HQG-2VJX

Produtos afetados

Logstash