PT-2019-18664 · Elastic · Logstash

Publicado

2019-03-25

Atualizado

2020-10-05

CVE-2019-7612

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Logstash versions prior to 5.6.15 Logstash versions prior to 6.6.1

Description A sensitive data disclosure issue was discovered in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

Recommendations For Logstash versions prior to 5.6.15, update to version 5.6.15 or later to resolve the issue. For Logstash versions prior to 6.6.1, update to version 6.6.1 or later to resolve the issue.

Correção

Insertion into Log File

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532CWE-209

Identificadores relacionados

CVE-2019-7612

Produtos afetados

Logstash

PT-2019-18664 · Elastic · Logstash

CVE-2019-7612

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5