Bitnami package
logstash
pkg:bitnami/logstash
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33466 | High | 8.1 | | >= 8.0.0, < 8.19.14 | 8.19.14 | Apr 8, 2026 | Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths w |
| CVE-2025-37730 | Medium | 6.5 | | >= 8.0.0, < 8.18.1 | 8.18.1 | May 6, 2025 | Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the `ssl_verification_mode => full` was set. |
| CVE-2023-46672 | — | | | >= 7.12.1, < 7.12.2 | 7.12.2 | Nov 15, 2023 | An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/cur |
| CVE-2021-22138 | — | | | >= 6.4.0, < 6.8.15 | 6.8.15 | May 13, 2021 | In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could re |