Insufficient Logging Flaw in Winlogbeat by Elastic
CVE-2019-7613
7.5HIGH
Summary
The Winlogbeat product by Elastic is affected by an insufficient logging vulnerability, which allows attackers to inject specific characters into log entries. This flaw can prevent the software from recording crucial logged events, ultimately compromising the integrity of logging data and the ability to audit events effectively. Users of Winlogbeat versions prior to 5.6.16 and 6.6.2 should take immediate action to update their installations to mitigate this vulnerability.
Affected Version(s)
Logstash before 5.6.16 and 6.6.2
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved