Skip to main content

Logstash CVE-2023-46672

MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2023-11-15 security@elastic.co
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 15, 2023 - 08:15 nvd
MEDIUM 5.5

DescriptionNVD

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.

The prerequisites for the manifestation of this issue are:

  • Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.
  • Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.

AnalysisAI

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-532. An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration. Affected products include: Elastic Logstash.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-7612 CRITICAL
9.8 Mar 25

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. Rat

CVE-2026-33466 HIGH
8.1 Apr 08

Remote code execution in Elastic Logstash versions 8.0.0 through 8.19.13 allows unauthenticated network attackers to wri

CVE-2017-14730 HIGH
7.8 Sep 25

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls fo

CVE-2014-4326 HIGH
7.5 Jul 22

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a cra

CVE-2016-1000221 HIGH
7.5 Jun 16

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could co

CVE-2015-5378 HIGH
7.5 Jun 27

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwa

CVE-2016-10363 HIGH
7.5 Jun 16

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5,

CVE-2016-1000222 HIGH
7.5 Jun 16

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas

CVE-2019-7620 HIGH
7.5 Oct 30

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. Rated high

CVE-2015-4152 MEDIUM
6.4 Jun 15

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attacke

CVE-2018-3817 MEDIUM
6.5 Mar 30

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log

CVE-2015-5619 MEDIUM
5.9 Aug 09

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SS

Share

CVE-2023-46672 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy