Elastic Logstash

stack.watch can email you when security vulnerabilities are reported in Elastic Logstash. You can add multiple products that you use with Logstash to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in Elastic Logstash . Logstash did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2021	0	0.00
2020	0	0.00
2019	2	8.65
2018	1	6.50

It may take a day or so for new Logstash vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Elastic Logstash Security Vulnerabilities

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin

CVE-2019-7620 7.5 - High - October 30, 2019

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

CVE-2019-7620 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Input Validation

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs

CVE-2019-7612 9.8 - Critical - March 25, 2019

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

CVE-2019-7612 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Credentials Management

When logging warnings regarding deprecated settings

CVE-2018-3817 6.5 - Medium - March 30, 2018

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.

CVE-2018-3817 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Elastic Logstash

By the Year

Latest Elastic Logstash Security Vulnerabilities

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin CVE-2019-7620 7.5 - High - October 30, 2019

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs CVE-2019-7612 9.8 - Critical - March 25, 2019

When logging warnings regarding deprecated settings CVE-2018-3817 6.5 - Medium - March 30, 2018

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin

CVE-2019-7620 7.5 - High - October 30, 2019

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs

CVE-2019-7612 9.8 - Critical - March 25, 2019

When logging warnings regarding deprecated settings

CVE-2018-3817 6.5 - Medium - March 30, 2018