CVE-2014-4326

Currently unrated

Key Information:

Vendor: Elastic
Status: Logstash
Vendor: CVE Published:; 22 July 2014

Summary

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

References

http://www.elasticsearch.org/blog/logstash-1-4-2/

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/532841/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://www.elastic.co/community/security/

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 22, 2014
Vulnerability Reserved
Jun 18, 2014