CVE-2016-10362: Log File Information Exposure in Elasticsearch Output Plugin

Severity
6.5 MEDIUM (NVD)
EPSS
0.3%
top 48.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 16
Latest update: May 13

Description

Prior to Logstash version 5.0.1, the Elasticsearch Output plugin, when updating connections after sniffing, would log HTTP basic auth credentials to file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: elastic/logstash, before 5.0.1

Vulnerability Details (3)

GHSA: Logstash Logs Sensitive Information (2022-05-13)
OSV: Logstash Logs Sensitive Information (2022-05-13)
CVEList: CVE-2016-10362: Prior to Logstash version 5 (2017-06-16)