BIT-logstash-2023-46672

Import Source
https://github.com/bitnami/vulndb/tree/main/data/logstash/BIT-logstash-2023-46672.json
Aliases
  • CVE-2023-46672
Published
2024-01-31T15:16:07.198Z
Modified
2024-01-31T15:40:39.817Z
Details

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.

References

Affected packages

Bitnami / logstash

Package

Name
logstash

Affected ranges

Type
SEMVER
Events
Introduced
8.10.0
Fixed
8.11.1
Type
SEMVER
Events
Introduced
7.12.1
Last affected
7.12.1