Elasticsearch Logstash CVE-2019-7612 Information Disclosure Vulnerability
BID:107090
Info
Elasticsearch Logstash CVE-2019-7612 Information Disclosure Vulnerability
| Bugtraq ID: | 107090 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-7612 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2019 12:00AM |
| Updated: | Feb 19 2019 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Elasticsearch Logstash 6.6 Elasticsearch Logstash 6.5.4 Elasticsearch Logstash 6.5.3 Elasticsearch Logstash 6.5.2 Elasticsearch Logstash 6.5.1 Elasticsearch Logstash 6.5 Elasticsearch Logstash 6.4.3 Elasticsearch Logstash 5.6.14 Elasticsearch Logstash 5.6.13 Elasticsearch Logstash 5.6.11 Elasticsearch Logstash 5.6.10 Elasticsearch Logstash 5.6.9 Elasticsearch Logstash 5.0.1 Elasticsearch Logstash 5.0 Elasticsearch Logstash 2.3.4 Elasticsearch Logstash 2.3.3 Elasticsearch Logstash 2.3.2 Elasticsearch Logstash 2.3.1 Elasticsearch Logstash 2.3 Elasticsearch Logstash 2.2.4 Elasticsearch Logstash 2.2.3 Elasticsearch Logstash 2.2.2 Elasticsearch Logstash 2.2.1 Elasticsearch Logstash 2.2 Elasticsearch Logstash 2.1.3 Elasticsearch Logstash 2.1.2 Elasticsearch Logstash 2.1.1 Elasticsearch Logstash 2.1 Elasticsearch Logstash 1.5.4 Elasticsearch Logstash 1.5.3 Elasticsearch Logstash 1.5.2 Elasticsearch Logstash 1.4.5 Elasticsearch Logstash 1.4.4 Elasticsearch Logstash 1.1 1 Elasticsearch Logstash 1.5.0 Elasticsearch Logstash 1.4.3 Elasticsearch Logstash 1.4.2 Elasticsearch Logstash 1.4.1 Elasticsearch Logstash 1.4.0 Elasticsearch Logstash 1.3.3 Elasticsearch Logstash 1.3.2 Elasticsearch Logstash 1.3.1 Elasticsearch Logstash 1.3.0 Elasticsearch Logstash 1.2.2 Elasticsearch Logstash 1.2.1 Elasticsearch Logstash 1.1.9 Elasticsearch Logstash 1.1.8 Elasticsearch Logstash 1.1.7 Elasticsearch Logstash 1.1.6 Elasticsearch Logstash 1.1.5 Elasticsearch Logstash 1.1.4 Elasticsearch Logstash 1.1.3 Elasticsearch Logstash 1.1.2 Elasticsearch Logstash 1.1.13 Elasticsearch Logstash 1.1.12 Elasticsearch Logstash 1.1.11 Elasticsearch Logstash 1.1.10 Elasticsearch Logstash 1.1.1 Elasticsearch Logstash 1.1.0 Elasticsearch Logstash 1.0.17 Elasticsearch Logstash 1.0.16 Elasticsearch Logstash 1.0.15 Elasticsearch Logstash 1.0.14 |
| Not Vulnerable: |
Elasticsearch Logstash 6.6.1 Elasticsearch Logstash 5.6.15 |
Discussion
Elasticsearch Logstash CVE-2019-7612 Information Disclosure Vulnerability
Elasticsearch Logstash is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks.
Versions prior to Elasticsearch Logstash 5.6.15 and 6.6.1 are vulnerable.
Elasticsearch Logstash is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks.
Versions prior to Elasticsearch Logstash 5.6.15 and 6.6.1 are vulnerable.
Exploit / POC
Elasticsearch Logstash CVE-2019-7612 Information Disclosure Vulnerability
An attacker can exploit this issue using a browser.
An attacker can exploit this issue using a browser.
Solution / Fix
Elasticsearch Logstash CVE-2019-7612 Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Elasticsearch Logstash CVE-2019-7612 Information Disclosure Vulnerability
References:
References:
- Elasticsearch Homepage (Elasticsearch)
- Elastic Stack 6.6.1 and 5.6.15 security update (Elastic Stack)
- Elasticsearch Security Issues (Elasticsearch)