HIGH✓ PATCH🇬🇧 English

CVE-2019-7620

CVSS 7.5v3.1pub. 2019-10-30upd. 2024-11-21

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Elastic Logstash

    APP
    Elastic
    6.0.0 – 6.8.4 (bez)7.0.0 – 7.4.1 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2019-7612CRITICAL9.8ten sam produkt

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed...

CVE-2026-33466HIGH8.1ten sam produkt

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...

CVE-2023-46672HIGH8.4ten sam produkt

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific c...

CVE-2015-5378HIGH7.5ten sam produkt

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logs...

CVE-2016-1000221HIGH7.5ten sam produkt

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers whic...