Sensitive Information Exposure in Logstash by Elastic
CVE-2018-3817

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Logstash
Vendor: CVE Published:; 30 March 2018

Summary

Logstash, a data processing pipeline, contains a vulnerability that may expose sensitive information through its logging mechanism. Versions prior to 5.6.6 and 6.x prior to 6.1.2 are affected due to improper handling of warnings associated with deprecated settings. This can lead to unintended logging of sensitive data, potentially compromising user confidentiality if accessed by unauthorized entities. Users are advised to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

Logstash Before 6.1.2 or 5.6.6

References

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Jan 2, 2018