Logstash Logs Sensitive Information
Published: June 16, 2017
SECURITY IDENTIFIERS
- CVE: CVE-2016-1000221 (NVD)
- GHSA: GHSA-vcmm-ppqx-95ch
- Vendor Advisory: https://web.archive.org/web/20210124065200/http://www.securityfocus.com/bid/99126
GEM
SEVERITY
PATCHED VERSIONS
>= 2.3.4
DESCRIPTION
In Logstash versions prior to 2.3.4, the Elasticsearch Output plugin would log HTTP authorization headers to file. These headers could contain sensitive information.
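
A log audit for this exposure, as an added example that is not part of the advisory or of Logstash: it finds Authorization header values in log lines, reports which Basic-auth account needs rotating, and redacts the credential. The log line layout, the account name and the function names are constructed for illustration and do not reproduce the plugin's actual log format.

```ruby
require "base64"

# Header name, separator (": ", "=>" or "="), scheme, then the credential.
# Group 1 is everything up to the credential, group 3 the credential itself.
AUTH_RE = /(authorization["']?\s*(?::|=>|=)\s*["']?(Basic|Bearer)\s+)([A-Za-z0-9+\/=._~-]+)/i

# Constructed sample data: the credential is built here, not taken from a real log.
SAMPLE_CRED = Base64.strict_encode64("logstash_writer:constructed-password")
SAMPLE_LOG = [
  %(2016-07-01T10:00:00 WARN request failed headers={"Authorization"=>"Basic #{SAMPLE_CRED}"}),
  "2016-07-01T10:00:01 INFO pipeline started",
  "2016-07-01T10:00:02 WARN retry Authorization: Bearer abc.def.ghi",
].freeze

# Returns one finding per leaked header: line number, scheme and, for Basic
# auth, the username only, so the affected account can be rotated without
# the password being copied into the audit report.
def find_leaked_auth(lines)
  lines.each_with_index.flat_map do |line, idx|
    line.scan(AUTH_RE).map do |_prefix, scheme, cred|
      user = nil
      if scheme.casecmp?("basic")
        decoded = Base64.decode64(cred)
        user = decoded.split(":", 2).first if decoded.include?(":")
      end
      { line: idx + 1, scheme: scheme.capitalize, user: user }
    end
  end
end

# Replaces the credential with a fixed marker, keeping the rest of the line.
def redact(line)
  line.gsub(AUTH_RE) { "#{$1}[REDACTED]" }
end

if __FILE__ == $PROGRAM_NAME
  find_leaked_auth(SAMPLE_LOG).each do |f|
    puts "line #{f[:line]}: #{f[:scheme]} credential logged (user: #{f[:user] || 'n/a'})"
  end
  SAMPLE_LOG.each { |l| puts redact(l) }
end
```

Any credential this reports should be treated as disclosed to everyone with read access to the log file and rotated after upgrading to a patched version.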
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000221
- https://web.archive.org/web/20210124065200/http://www.securityfocus.com/bid/99126
- https://security-tracker.debian.org/tracker/CVE-2016-1000221
- http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.108361
- https://www.scaprepo.com/control.jsp?command=relation&relationId=CVE-2016-1000221&search=CVE-2016-1000221
- https://cve.reconshell.com/cve/CVE-2016-1000221
- https://www.elastic.co/community/security
- https://github.com/advisories/GHSA-vcmm-ppqx-95ch
