Elasticsearch Logstash vulnerabilities
3 known vulnerabilities affecting elasticsearch/logstash.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2017-14730 | HIGH | CVSS 7.8 | v5.0.0, v5.0.1, +15 more | 2017-09-25
CVE-2017-14730 [HIGH] CWE-732
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
Source: NVD
CVE-2015-5619 | MEDIUM | CVSS 5.9 | v1.4.3, v1.4.4, +4 more | 2017-08-09
CVE-2015-5619 [MEDIUM] CWE-295
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
Source: NVD
CVE-2015-5378 | HIGH | CVSS 7.5 | v1.4.3, v1.5.0, +2 more | 2017-06-27
CVE-2015-5378 [HIGH] CWE-200
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
Source: NVD