CVE-2018-3817Log File Information Exposure in Logstash

CWE-532Log File Information ExposureCWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 43.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Logstash
Timeline
PublishedMar 30
Latest updateMay 13

Description

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDelastic/logstash6.0.06.1.2+1
CVEListV5elastic/logstashBefore 6.1.2 or 5.6.6

🔴Vulnerability Details

2
GHSA
GHSA-m5wv-852x-cj2g: When logging warnings regarding deprecated settings, Logstash before 52022-05-13
CVEList
CVE-2018-3817: When logging warnings regarding deprecated settings, Logstash before 52018-03-30
CVE-2018-3817 — Log File Information Exposure | cvebase