Insufficient Logging Flaw in Winlogbeat by Elastic
CVE-2019-7613

7.5HIGH

Key Information:

Vendor
Elastic
Status
Vendor
CVE Published:
25 March 2019

Summary

The Winlogbeat product by Elastic is affected by an insufficient logging vulnerability, which allows attackers to inject specific characters into log entries. This flaw can prevent the software from recording crucial logged events, ultimately compromising the integrity of logging data and the ability to audit events effectively. Users of Winlogbeat versions prior to 5.6.16 and 6.6.2 should take immediate action to update their installations to mitigate this vulnerability.

Affected Version(s)

Logstash before 5.6.16 and 6.6.2

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.