CVE-2019-7612

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

Published : 2019-03-25 19:29 Updated : 2019-10-09 23:52

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Netapp Active Iq Performance Analytics Services - cpe:/a:netapp:active_iq_performance_analytics_services:-
Elastic Logstash 1.0.0 cpe:/a:elastic:logstash:1.0.0
Elastic Logstash 1.0.1 cpe:/a:elastic:logstash:1.0.1
Elastic Logstash 1.0.4 cpe:/a:elastic:logstash:1.0.4
Elastic Logstash 1.0.5 cpe:/a:elastic:logstash:1.0.5
Elastic Logstash 1.0.6 cpe:/a:elastic:logstash:1.0.6
Elastic Logstash 1.0.7 cpe:/a:elastic:logstash:1.0.7
Elastic Logstash 1.0.9 cpe:/a:elastic:logstash:1.0.9
Elastic Logstash 1.0.10 cpe:/a:elastic:logstash:1.0.10
Elastic Logstash 1.0.11 cpe:/a:elastic:logstash:1.0.11
Elastic Logstash 1.0.12 cpe:/a:elastic:logstash:1.0.12
Elastic Logstash 1.0.14 cpe:/a:elastic:logstash:1.0.14
Elastic Logstash 1.0.15 cpe:/a:elastic:logstash:1.0.15
Elastic Logstash 1.0.16 cpe:/a:elastic:logstash:1.0.16
Elastic Logstash 1.0.17 cpe:/a:elastic:logstash:1.0.17
Elastic Logstash 1.1.0 cpe:/a:elastic:logstash:1.1.0:-
Elastic Logstash 1.1.0 cpe:/a:elastic:logstash:1.1.0:beta7
Elastic Logstash 1.1.0 cpe:/a:elastic:logstash:1.1.0:beta8
Elastic Logstash 1.1.0 cpe:/a:elastic:logstash:1.1.0:beta9
Elastic Logstash 1.1.0.1 cpe:/a:elastic:logstash:1.1.0.1
Elastic Logstash 1.1.1 cpe:/a:elastic:logstash:1.1.1:-
Elastic Logstash 1.1.1 cpe:/a:elastic:logstash:1.1.1:rc1
Elastic Logstash 1.1.2 cpe:/a:elastic:logstash:1.1.2
Elastic Logstash 1.1.3 cpe:/a:elastic:logstash:1.1.3
Elastic Logstash 1.1.4 cpe:/a:elastic:logstash:1.1.4
Elastic Logstash 1.1.5 cpe:/a:elastic:logstash:1.1.5
Elastic Logstash 1.1.6 cpe:/a:elastic:logstash:1.1.6
Elastic Logstash 1.1.7 cpe:/a:elastic:logstash:1.1.7
Elastic Logstash 1.1.8 cpe:/a:elastic:logstash:1.1.8
Elastic Logstash 1.1.9 cpe:/a:elastic:logstash:1.1.9
Elastic Logstash 1.1.10 cpe:/a:elastic:logstash:1.1.10
Elastic Logstash 1.1.11 cpe:/a:elastic:logstash:1.1.11
Elastic Logstash 1.1.12 cpe:/a:elastic:logstash:1.1.12
Elastic Logstash 1.1.13 cpe:/a:elastic:logstash:1.1.13
Elastic Logstash 1.2.0 cpe:/a:elastic:logstash:1.2.0:-
Elastic Logstash 1.2.0 cpe:/a:elastic:logstash:1.2.0:beta1
Elastic Logstash 1.2.0 cpe:/a:elastic:logstash:1.2.0:beta2
Elastic Logstash 1.2.1 cpe:/a:elastic:logstash:1.2.1
Elastic Logstash 1.2.2 cpe:/a:elastic:logstash:1.2.2
Elastic Logstash 1.3.0 cpe:/a:elastic:logstash:1.3.0
Elastic Logstash 1.3.1 cpe:/a:elastic:logstash:1.3.1
Elastic Logstash 1.3.2 cpe:/a:elastic:logstash:1.3.2
Elastic Logstash 1.3.3 cpe:/a:elastic:logstash:1.3.3
Elastic Logstash 1.4.0 cpe:/a:elastic:logstash:1.4.0:-
Elastic Logstash 1.4.0 cpe:/a:elastic:logstash:1.4.0:beta1
Elastic Logstash 1.4.0 cpe:/a:elastic:logstash:1.4.0:beta2
Elastic Logstash 1.4.0 cpe:/a:elastic:logstash:1.4.0:rc1
Elastic Logstash 1.4.1 cpe:/a:elastic:logstash:1.4.1
Elastic Logstash 1.4.2 cpe:/a:elastic:logstash:1.4.2
Elastic Logstash 1.4.3 cpe:/a:elastic:logstash:1.4.3
Elastic Logstash 1.4.4 cpe:/a:elastic:logstash:1.4.4
Elastic Logstash 1.5.0 cpe:/a:elastic:logstash:1.5.0:-
Elastic Logstash 1.5.0 cpe:/a:elastic:logstash:1.5.0:beta1
Elastic Logstash 1.5.0 cpe:/a:elastic:logstash:1.5.0:rc1
Elastic Logstash 1.5.0 cpe:/a:elastic:logstash:1.5.0:rc2
Elastic Logstash 1.5.0 cpe:/a:elastic:logstash:1.5.0:rc3
Elastic Logstash 1.5.0 cpe:/a:elastic:logstash:1.5.0:rc4
Elastic Logstash 1.5.0 cpe:/a:elastic:logstash:1.5.0:snapshot1
Elastic Logstash 1.5.1 cpe:/a:elastic:logstash:1.5.1:-
Elastic Logstash 1.5.1 cpe:/a:elastic:logstash:1.5.1:snapshot1
Elastic Logstash 1.5.2 cpe:/a:elastic:logstash:1.5.2:-
Elastic Logstash 1.5.2 cpe:/a:elastic:logstash:1.5.2:snapshot1
Elastic Logstash 1.5.2 cpe:/a:elastic:logstash:1.5.2:snapshot2
Elastic Logstash 1.5.3 cpe:/a:elastic:logstash:1.5.3:-
Elastic Logstash 1.5.3 cpe:/a:elastic:logstash:1.5.3:snapshot1
Elastic Logstash 1.5.3 cpe:/a:elastic:logstash:1.5.3:snapshot2
Elastic Logstash 1.5.4 cpe:/a:elastic:logstash:1.5.4
Elastic Logstash 1.5.5 cpe:/a:elastic:logstash:1.5.5
Elastic Logstash 1.5.6 cpe:/a:elastic:logstash:1.5.6
Elastic Logstash 2.0.0 cpe:/a:elastic:logstash:2.0.0:-
Elastic Logstash 2.0.0 cpe:/a:elastic:logstash:2.0.0:beta1
Elastic Logstash 2.0.0 cpe:/a:elastic:logstash:2.0.0:beta2
Elastic Logstash 2.0.0 cpe:/a:elastic:logstash:2.0.0:beta3
Elastic Logstash 2.0.0 cpe:/a:elastic:logstash:2.0.0:rc1
Elastic Logstash 2.1.0 cpe:/a:elastic:logstash:2.1.0
Elastic Logstash 2.1.1 cpe:/a:elastic:logstash:2.1.1
Elastic Logstash 2.1.2 cpe:/a:elastic:logstash:2.1.2
Elastic Logstash 2.1.3 cpe:/a:elastic:logstash:2.1.3
Elastic Logstash 2.2.0 cpe:/a:elastic:logstash:2.2.0
Elastic Logstash 2.2.1 cpe:/a:elastic:logstash:2.2.1
Elastic Logstash 2.2.2 cpe:/a:elastic:logstash:2.2.2
Elastic Logstash 2.2.3 cpe:/a:elastic:logstash:2.2.3
Elastic Logstash 2.3.0 cpe:/a:elastic:logstash:2.3.0:-
Elastic Logstash 2.3.0 cpe:/a:elastic:logstash:2.3.0:snapshot2
Elastic Logstash 2.3.0 cpe:/a:elastic:logstash:2.3.0:snapshot3
Elastic Logstash 2.3.0 cpe:/a:elastic:logstash:2.3.0:snapshot5
Elastic Logstash 2.3.1 cpe:/a:elastic:logstash:2.3.1:-
Elastic Logstash 2.3.1 cpe:/a:elastic:logstash:2.3.1:snapshot1
Elastic Logstash 2.3.2 cpe:/a:elastic:logstash:2.3.2
Elastic Logstash 2.3.3 cpe:/a:elastic:logstash:2.3.3
Elastic Logstash 2.3.4 cpe:/a:elastic:logstash:2.3.4
Elastic Logstash 2.4.0 cpe:/a:elastic:logstash:2.4.0
Elastic Logstash 2.4.1 cpe:/a:elastic:logstash:2.4.1
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:-
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:alpha1
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:alpha2
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:alpha3
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:alpha4
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:alpha5
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:alpha6
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:beta1
Elastic Logstash 5.0.0 cpe:/a:elastic:logstash:5.0.0:rc1
Elastic Logstash 5.0.1 cpe:/a:elastic:logstash:5.0.1
Elastic Logstash 5.0.2 cpe:/a:elastic:logstash:5.0.2
Elastic Logstash 5.1.0 cpe:/a:elastic:logstash:5.1.0
Elastic Logstash 5.1.1 cpe:/a:elastic:logstash:5.1.1
Elastic Logstash 5.1.2 cpe:/a:elastic:logstash:5.1.2
Elastic Logstash 5.2.0 cpe:/a:elastic:logstash:5.2.0
Elastic Logstash 5.2.1 cpe:/a:elastic:logstash:5.2.1
Elastic Logstash 5.2.2 cpe:/a:elastic:logstash:5.2.2
Elastic Logstash 5.3.0 cpe:/a:elastic:logstash:5.3.0
Elastic Logstash 5.3.1 cpe:/a:elastic:logstash:5.3.1
Elastic Logstash 5.3.2 cpe:/a:elastic:logstash:5.3.2
Elastic Logstash 5.3.3 cpe:/a:elastic:logstash:5.3.3
Elastic Logstash 5.4.0 cpe:/a:elastic:logstash:5.4.0
Elastic Logstash 5.4.1 cpe:/a:elastic:logstash:5.4.1
Elastic Logstash 5.4.2 cpe:/a:elastic:logstash:5.4.2
Elastic Logstash 5.4.3 cpe:/a:elastic:logstash:5.4.3
Elastic Logstash 5.5.0 cpe:/a:elastic:logstash:5.5.0
Elastic Logstash 5.5.1 cpe:/a:elastic:logstash:5.5.1
Elastic Logstash 5.5.2 cpe:/a:elastic:logstash:5.5.2
Elastic Logstash 5.5.3 cpe:/a:elastic:logstash:5.5.3
Elastic Logstash 5.6.0 cpe:/a:elastic:logstash:5.6.0
Elastic Logstash 5.6.1 cpe:/a:elastic:logstash:5.6.1
Elastic Logstash 5.6.2 cpe:/a:elastic:logstash:5.6.2
Elastic Logstash 5.6.3 cpe:/a:elastic:logstash:5.6.3
Elastic Logstash 5.6.4 cpe:/a:elastic:logstash:5.6.4
Elastic Logstash 5.6.5 cpe:/a:elastic:logstash:5.6.5
Elastic Logstash 5.6.6 cpe:/a:elastic:logstash:5.6.6
Elastic Logstash 5.6.7 cpe:/a:elastic:logstash:5.6.7
Elastic Logstash 5.6.8 cpe:/a:elastic:logstash:5.6.8
Elastic Logstash 5.6.9 cpe:/a:elastic:logstash:5.6.9
Elastic Logstash 5.6.10 cpe:/a:elastic:logstash:5.6.10
Elastic Logstash 5.6.11 cpe:/a:elastic:logstash:5.6.11
Elastic Logstash 5.6.12 cpe:/a:elastic:logstash:5.6.12
Elastic Logstash 5.6.13 cpe:/a:elastic:logstash:5.6.13
Elastic Logstash 5.6.14 cpe:/a:elastic:logstash:5.6.14
Elastic Logstash 6.0.0 cpe:/a:elastic:logstash:6.0.0:-
Elastic Logstash 6.0.0 cpe:/a:elastic:logstash:6.0.0:alpha1
Elastic Logstash 6.0.0 cpe:/a:elastic:logstash:6.0.0:alpha2
Elastic Logstash 6.0.0 cpe:/a:elastic:logstash:6.0.0:beta1
Elastic Logstash 6.0.0 cpe:/a:elastic:logstash:6.0.0:beta2
Elastic Logstash 6.0.0 cpe:/a:elastic:logstash:6.0.0:rc1
Elastic Logstash 6.0.0 cpe:/a:elastic:logstash:6.0.0:rc2
Elastic Logstash 6.0.1 cpe:/a:elastic:logstash:6.0.1
Elastic Logstash 6.1.0 cpe:/a:elastic:logstash:6.1.0
Elastic Logstash 6.1.1 cpe:/a:elastic:logstash:6.1.1
Elastic Logstash 6.1.2 cpe:/a:elastic:logstash:6.1.2
Elastic Logstash 6.1.3 cpe:/a:elastic:logstash:6.1.3
Elastic Logstash 6.1.4 cpe:/a:elastic:logstash:6.1.4
Elastic Logstash 6.2.0 cpe:/a:elastic:logstash:6.2.0
Elastic Logstash 6.2.1 cpe:/a:elastic:logstash:6.2.1
Elastic Logstash 6.2.2 cpe:/a:elastic:logstash:6.2.2
Elastic Logstash 6.2.3 cpe:/a:elastic:logstash:6.2.3
Elastic Logstash 6.2.4 cpe:/a:elastic:logstash:6.2.4
Elastic Logstash 6.3.0 cpe:/a:elastic:logstash:6.3.0
Elastic Logstash 6.3.1 cpe:/a:elastic:logstash:6.3.1
Elastic Logstash 6.3.2 cpe:/a:elastic:logstash:6.3.2
Elastic Logstash 6.4.0 cpe:/a:elastic:logstash:6.4.0
Elastic Logstash 6.4.1 cpe:/a:elastic:logstash:6.4.1
Elastic Logstash 6.4.2 cpe:/a:elastic:logstash:6.4.2
Elastic Logstash 6.4.3 cpe:/a:elastic:logstash:6.4.3
Elastic Logstash 6.5.0 cpe:/a:elastic:logstash:6.5.0
Elastic Logstash 6.5.1 cpe:/a:elastic:logstash:6.5.1
Elastic Logstash 6.5.2 cpe:/a:elastic:logstash:6.5.2
Elastic Logstash 6.5.3 cpe:/a:elastic:logstash:6.5.3
Elastic Logstash 6.5.4 cpe:/a:elastic:logstash:6.5.4
Elastic Logstash 6.6.0 cpe:/a:elastic:logstash:6.6.0
  1. Elastic (1) Search CVE
    1. Logstash (125) Search CVE
      1. 1.0.0
      2. 1.0.1
      3. 1.0.4
      4. 1.0.5
      5. 1.0.6
      6. 1.0.7
      7. 1.0.9
      8. 1.0.10
      9. 1.0.11
      10. 1.0.12
      11. 1.0.14
      12. 1.0.15
      13. 1.0.16
      14. 1.0.17
      15. 1.1.0
      16. 1.1.0.1
      17. 1.1.1
      18. 1.1.2
      19. 1.1.3
      20. 1.1.4
      21. 1.1.5
      22. 1.1.6
      23. 1.1.7
      24. 1.1.8
      25. 1.1.9
      26. 1.1.10
      27. 1.1.11
      28. 1.1.12
      29. 1.1.13
      30. 1.2.0
      31. 1.2.1
      32. 1.2.2
      33. 1.3.0
      34. 1.3.1
      35. 1.3.2
      36. 1.3.3
      37. 1.4.0
      38. 1.4.1
      39. 1.4.2
      40. 1.4.3
      41. 1.4.4
      42. 1.5.0
      43. 1.5.1
      44. 1.5.2
      45. 1.5.3
      46. 1.5.4
      47. 1.5.5
      48. 1.5.6
      49. 2.0.0
      50. 2.1.0
      51. 2.1.1
      52. 2.1.2
      53. 2.1.3
      54. 2.2.0
      55. 2.2.1
      56. 2.2.2
      57. 2.2.3
      58. 2.3.0
      59. 2.3.1
      60. 2.3.2
      61. 2.3.3
      62. 2.3.4
      63. 2.4.0
      64. 2.4.1
      65. 5.0.0
      66. 5.0.1
      67. 5.0.2
      68. 5.1.0
      69. 5.1.1
      70. 5.1.2
      71. 5.2.0
      72. 5.2.1
      73. 5.2.2
      74. 5.3.0
      75. 5.3.1
      76. 5.3.2
      77. 5.3.3
      78. 5.4.0
      79. 5.4.1
      80. 5.4.2
      81. 5.4.3
      82. 5.5.0
      83. 5.5.1
      84. 5.5.2
      85. 5.5.3
      86. 5.6.0
      87. 5.6.1
      88. 5.6.2
      89. 5.6.3
      90. 5.6.4
      91. 5.6.5
      92. 5.6.6
      93. 5.6.7
      94. 5.6.8
      95. 5.6.9
      96. 5.6.10
      97. 5.6.11
      98. 5.6.12
      99. 5.6.13
      100. 5.6.14
      101. 6.0.0
      102. 6.0.1
      103. 6.1.0
      104. 6.1.1
      105. 6.1.2
      106. 6.1.3
      107. 6.1.4
      108. 6.2.0
      109. 6.2.1
      110. 6.2.2
      111. 6.2.3
      112. 6.2.4
      113. 6.3.0
      114. 6.3.1
      115. 6.3.2
      116. 6.4.0
      117. 6.4.1
      118. 6.4.2
      119. 6.4.3
      120. 6.5.0
      121. 6.5.1
      122. 6.5.2
      123. 6.5.3
      124. 6.5.4
      125. 6.6.0
  2. Netapp (1) Search CVE
    1. Active Iq Performance Analytics Services (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-255 Credentials Management Weaknesses in this category are related to the management of credentials. CVE

History of changes

Date Event
2019-10-09 23:52
2019-04-24 18:59
2019-04-11 22:29
2019-03-25 19:29

New CVE