Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic logstash vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-7612
A sensitive data disclosure flaw was found in the way Logstash versions prior to 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Elastic Logstash
Netapp Active Iq Performance Analytics Services -
7.5
CVSSv3
CVE-2019-7620
Logstash versions prior to 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop resp...
Elastic Logstash
7.5
CVSSv3
CVE-2015-5378
Logstash 1.5.x prior to 1.5.3 and 1.4.x prior to 1.4.4 allows remote malicious users to read communications between Logstash Forwarder agent and Logstash server.
Elasticsearch Logstash 1.5.1
Elasticsearch Logstash 1.4.3
Elasticsearch Logstash 1.5.0
Elasticsearch Logstash 1.5.2
Elastic Logstash 1.4.1
Elastic Logstash 1.4.2
Elastic Logstash 1.4.0
7.5
CVSSv3
CVE-2016-1000222
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
Elastic Logstash
7.5
CVSSv3
CVE-2016-10363
Logstash versions before 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by t...
Elastic Logstash
7.5
CVSSv3
CVE-2016-1000221
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Elastic Logstash
6.5
CVSSv3
CVE-2018-3817
When logging warnings regarding deprecated settings, Logstash prior to 5.6.6 and 6.x prior to 6.1.2 could inadvertently log sensitive information.
Elastic Logstash
6.1
CVSSv3
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
5.9
CVSSv3
CVE-2015-5619
Logstash 1.4.x prior to 1.4.5 and 1.5.x prior to 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow malicious users to obtain sensitive information via a man-in-the-middle attack.
Elasticsearch Logstash 1.5.3
Elasticsearch Logstash 1.4.4
Elasticsearch Logstash 1.5.1
Elasticsearch Logstash 1.4.3
Elasticsearch Logstash 1.5.0
Elasticsearch Logstash 1.5.2
Elastic Logstash 1.4.1
Elastic Logstash 1.4.2
Elastic Logstash 1.4.0
5.5
CVSSv3
CVE-2023-46672
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/r...
Elastic Logstash
Elastic Logstash 7.12.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »