RubyGems package
logstash-core
pkg:gem/logstash-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10362 | Med | 6.5 | < 5.0.1 | 5.0.1 | Jun 16, 2017 | Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. | |
| CVE-2016-1000221 | Hig | 7.5 | < 2.3.4 | 2.3.4 | Jun 16, 2017 | Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. |
- affected < 5.0.1fixed 5.0.1
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
- affected < 2.3.4fixed 2.3.4
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.