Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NElastic Logstash
APPElastic1.4.01.4.11.4.2Elasticsearch Logstash
APPElasticsearch1.4.31.5.01.5.11.5.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2019-7612CRITICAL9.8ten sam produkt
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed...
CVE-2026-33466HIGH8.1ten sam produkt
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file wr...
CVE-2023-46672HIGH8.4ten sam produkt
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific c...
CVE-2019-7620HIGH7.5ten sam produkt
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. ...
CVE-2017-14730HIGH7.8ten sam produkt
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R...