CVE-2016-10362
Published 2017-06-16
CVE-2016-10362: Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
Priority: P431, medium, 6.5 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.08% (61.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | logstash | — | — |
| elasticsearch | output_plugin | <= 5.0.0 | — |
CVSS provenance
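| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |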
GHSA
Logstash Logs Sensitive Information
ghsa·2022-05-13
CVE-2016-10362 [MEDIUM] CWE-200 Logstash Logs Sensitive Information
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
OSV
Logstash Logs Sensitive Information
osv·2022-05-13
CVE-2016-10362 [MEDIUM] Logstash Logs Sensitive Information
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-06-16
Published