Logstash

logstash

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-14730 1Elasticsearch 1Logstash May 13, 2026 Sep 25, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to...Show more The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.Show less
CVE-2015-5619 2Elastic Elasticsearch 2Logstash Logstash May 13, 2026 Aug 9, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive informa...Show more Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.Show less
CVE-2015-5378 2Elastic Elasticsearch 2Logstash Logstash May 13, 2026 Jun 27, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.