CVE-2016-1000221Sensitive Information Exposure in Logstash

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 26.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Logstash
Timeline
PublishedJun 16
Latest updateMay 14

Description

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDelastic/logstash2.3.3

🔴Vulnerability Details

3
OSV
Logstash Logs Sensitive Information2022-05-14
GHSA
Logstash Logs Sensitive Information2022-05-14
CVEList
CVE-2016-1000221: Logstash prior to version 22017-06-16
CVE-2016-1000221 — Sensitive Information Exposure | cvebase