Known Vulnerabilities for Logstash by Elastic
Listed below are 10 of the newest known vulnerabilities associated with "Logstash" by "Elastic".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-22138 | In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring f... | 3.7 - LOW | 2021-05-13 | 2022-06-04 |
| CVE-2019-7620 | Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthentica... | 7.5 - HIGH | 2019-10-30 | 2020-10-09 |
| CVE-2019-7612 | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a mal... | 9.8 - CRITICAL | 2019-03-25 | 2020-10-05 |
| CVE-2018-3817 | When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensi... | 6.5 - MEDIUM | 2018-03-30 | 2019-10-09 |
| CVE-2016-1000222 | Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in t... | 7.5 - HIGH | 2017-06-16 | 2019-06-17 |
| CVE-2016-1000221 | Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain... | 7.5 - HIGH | 2017-06-16 | 2019-06-17 |
| CVE-2016-10363 | Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netfl... | 7.5 - HIGH | 2017-06-16 | 2019-10-09 |
| CVE-2015-5619 | Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS... | 5.9 - MEDIUM | 2017-08-09 | 2019-06-17 |
| CVE-2015-5378 | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder ... | 7.5 - HIGH | 2017-06-27 | 2019-06-17 |
| CVE-2015-4152 | Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to... | 6.4 - MEDIUM | 2015-06-15 | 2019-06-17 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Elastic | Logstash | 7.4.1 | All | All | All |
| Application | Elastic | Logstash | 7.1.1 | All | All | All |
| Application | Elastic | Logstash | 7.1.0 | All | All | All |
| Application | Elastic | Logstash | 7.0.1 | All | All | All |
| Application | Elastic | Logstash | 7.0.0 | - | All | All |
| Application | Elastic | Logstash | 7.0.0 | alpha1 | All | All |
| Application | Elastic | Logstash | 7.0.0 | alpha2 | All | All |
| Application | Elastic | Logstash | 7.0.0 | beta1 | All | All |
| Application | Elastic | Logstash | 7.0.0 | rc1 | All | All |
| Application | Elastic | Logstash | 7.0.0 | rc2 | All | All |
| Application | Elastic | Logstash | 6.8.4 | All | All | All |
| Application | Elastic | Logstash | 6.8.0 | All | All | All |
| Application | Elastic | Logstash | 6.7.2 | All | All | All |
| Application | Elastic | Logstash | 6.7.1 | All | All | All |
| Application | Elastic | Logstash | 6.7.0 | All | All | All |
| Application | Elastic | Logstash | 6.6.2 | All | All | All |
| Application | Elastic | Logstash | 6.6.1 | All | All | All |
| Application | Elastic | Logstash | 6.6.0 | All | All | All |
| Application | Elastic | Logstash | 6.5.4 | All | All | All |
| Application | Elastic | Logstash | 6.5.3 | All | All | All |