CVE-2019-7612

Published: Mar 25, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

Affected (3)

Products: Elastic: Logstash · Netapp: Active Iq Performance Analytics Services

1 product

1 product

Active Iq Performance Analytics Services

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Elastic Logstash	Before 5.6.15
Elastic Logstash	From 6.0.0 to 6.6.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Performance Analytics Services	All versions

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077

Source: security@elastic.co

Vendor Advisory

https://security.netapp.com/advisory/ntap-20190411-0002/

Source: security@elastic.co

Third Party Advisory

https://www.elastic.co/community/security

Source: security@elastic.co

Vendor Advisory

https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.netapp.com/advisory/ntap-20190411-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.elastic.co/community/security

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.