CVE-2018-3817

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Logstash
Vendor: CVE Published:; 30 March 2018

Summary

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.

Affected Version(s)

Logstash Before 6.1.2 or 5.6.6

References

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Jan 2, 2018

.