A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 log malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20190411-0002/ | Third Party Advisory |
https://www.elastic.co/community/security | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: elastic
Published: 2019-03-25T18:34:06
Updated: 2019-04-11T21:06:03
Reserved: 2019-02-07T00:00:00
Link: CVE-2019-7612
NVD Information
Status: Analyzed
Published: 2019-03-25T19:29:02.290
Modified: 2020-10-05T20:38:49.580
Link: CVE-2019-7612
Redhat Information
No data.