ADVISORIES
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
- >= 2.3.4
DESCRIPTION
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000221
- https://web.archive.org/web/20210124065200/http://www.securityfocus.com/bid/99126
- https://security-tracker.debian.org/tracker/CVE-2016-1000221
- http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.108361
- https://www.scaprepo.com/control.jsp?command=relation&relationId=CVE-2016-1000221&search=CVE-2016-1000221
- https://cve.reconshell.com/cve/CVE-2016-1000221
- https://www.elastic.co/community/security
- https://github.com/advisories/GHSA-vcmm-ppqx-95ch