QwikSec

Security Database

CVE

CWE

Training

CVE-2019-7612

Published: Mar 25, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

Vendor	Product	Versions
Elastic	Logstash	affected `before 5.6.15 and 6.6.1`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077

x_refsource_MISC

https://www.elastic.co/community/security

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20190411-0002/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.