RubySec

Providing security resources for the Ruby community

CVE-2016-10362 (logstash-core): Logstash Logs Sensitive Information

GEM

logstash-core

SEVERITY

CVSS v3.x: 6.5 (Medium)

CVSS v2.0: 4.0 (Medium)

PATCHED VERSIONS

  • >= 5.0.1

DESCRIPTION

Prior to Logstash version 5.0.1, the Elasticsearch Output plugin, when updating connections after sniffing, would log HTTP basic auth credentials to file.
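
As an added example (not code from Logstash or from this advisory), the following Ruby check scans log lines for URLs that carry basic auth credentials and masks the password, so that log files written before the upgrade to 5.0.1 can be reviewed. It assumes the credentials appear as URL userinfo (`scheme://user:password@host`); the regex, function names and sample lines are constructed for illustration.

```ruby
# Added example: find and mask URL-embedded basic auth credentials in log lines.
# Assumption: credentials appear as URL userinfo (scheme://user:password@host).

# User and password parts cannot contain '/', '@' or whitespace, so plain
# host:port URLs and e-mail addresses do not match.
USERINFO_URL = %r{(\bhttps?://)([^\s/:@]+):([^\s/@]+)@}i

# Keep the user name (it tells you which account to rotate), mask the password.
def redact(line)
  line.gsub(USERINFO_URL) { "#{$1}#{$2}:[REDACTED]@" }
end

# Return [line_number, redacted_line] for every line that exposes credentials.
def find_credential_leaks(lines)
  lines.each_with_index.map do |line, idx|
    [idx + 1, redact(line)] if line.match?(USERINFO_URL)
  end.compact
end

# Constructed sample lines (not real Logstash output).
SAMPLE_LOG = [
  'INFO connection pool updated: http://logstash_writer:s3cr3t@es1.example.internal:9200/',
  'INFO connection pool updated: http://es2.example.internal:9200/',
  'WARN alert mail sent to ops@example.internal, see https://wiki.example.internal/runbook',
  'INFO urls=["https://a:p1@h1:9200", "https://b:p2@h2:9200"]'
].freeze

if __FILE__ == $PROGRAM_NAME
  # Scan the files given on the command line, or the sample when none are given.
  lines = ARGV.empty? ? SAMPLE_LOG : ARGV.flat_map { |path| File.readlines(path, chomp: true) }
  find_credential_leaks(lines).each { |n, line| puts "line #{n}: #{line}" }
end
```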

RELATED