Denial of Service Vulnerability in Logstash by Elastic
CVE-2019-7620

7.5HIGH

Key Information:

Vendor
Elastic
Status
Logstash
Vendor
CVE Published:
30 October 2019

Summary

Logstash versions prior to 7.4.1 and 6.8.4 are susceptible to a denial of service issue within the Logstash Beats input plugin. This vulnerability allows an unauthenticated user, who can access the designated Logstash Beats port, to send crafted packets that can render Logstash unresponsive. It is crucial for users to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

Logstash before 7.4.1 and 6.8.4

References

https://www.elastic.co/community/security
x_refsource_CONFIRM
https://discuss.elastic.co/t/elastic-stack-6-8-4-security...
x_refsource_CONFIRM
https://discuss.elastic.co/t/elastic-stack-7-4-1-security...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.