Logstash Logs Sensitive Information
Published: June 16, 2016
SECURITY IDENTIFIERS
- CVE: CVE-2016-10362 (NVD)
- GHSA: GHSA-3gg4-6hqg-2vjx
- Vendor Advisory: https://web.archive.org/web/20210730201452/http://www.securityfocus.com/bid/99154
GEM
SEVERITY
PATCHED VERSIONS
>= 5.0.1
DESCRIPTION
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.