Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-25
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
| Products | Logstash, Active_iq_performance_analytics_services |
| Type | Credentials Management (CWE-255) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.netapp.com/advisory/ntap-20190411-0002/
• https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077 • https://www.elastic.co/community/security |