← Retour aux CVEs
CVE-2019-7612
CRITICAL9.8
Description
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/25/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
elastic:logstashnetapp:active_iq_performance_analytics_services
Faiblesses (CWE)
CWE-209CWE-532
References
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077(security@elastic.co)
https://security.netapp.com/advisory/ntap-20190411-0002/(security@elastic.co)
https://www.elastic.co/community/security(security@elastic.co)
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190411-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.