The init script in the Gentoo app-admin/logstash-bin package prior to 5.5.3 and 5.6.x prior to 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
elasticsearch logstash 5.0.2 |
||
elasticsearch logstash 5.1.2 |
||
elasticsearch logstash 5.4.2 |
||
elasticsearch logstash 5.5.0 |
||
elasticsearch logstash 5.2.1 |
||
elasticsearch logstash 5.3.0 |
||
elasticsearch logstash 5.3.1 |
||
elasticsearch logstash 5.3.2 |
||
elasticsearch logstash 5.5.1 |
||
elasticsearch logstash 5.5.2 |
||
elasticsearch logstash 5.6.0 |
||
elasticsearch logstash 5.0.0 |
||
elasticsearch logstash 5.0.1 |
||
elasticsearch logstash 5.1.1 |
||
elasticsearch logstash 5.2.0 |
||
elasticsearch logstash 5.4.1 |
||
elasticsearch logstash 5.4.3 |