GHSA-vcmm-ppqx-95ch
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vcmm-ppqx-95ch
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vcmm-ppqx-95ch/GHSA-vcmm-ppqx-95ch.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vcmm-ppqx-95ch
- Aliases
- Published
- 2022-05-14T00:58:12Z
- Modified
- 2024-02-16T08:09:23.721451Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Logstash Logs Sensitive Information
- Details
-
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-200" ], "github_reviewed_at": "2023-07-28T20:52:56Z", "nvd_published_at": "2017-06-16T21:29:00Z", "severity": "HIGH" }- References
Affected packages
RubyGems / logstash-core
Package
- Name
- logstash-core
- Purl
- pkg:gem/logstash-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.4
Affected versions
1.*
1.5.0.beta2
1.5.0.rc1
1.5.0.rc1.1
1.5.0.rc2.snapshot
1.5.0.rc2
1.5.0.rc3.snapshot1
1.5.0.rc3.snapshot2
1.5.0.rc3.snapshot3
1.5.0.rc3.snapshot4
1.5.0.rc3.snapshot5
1.5.0.rc3.snapshot6
1.5.0.rc3
1.5.0.rc4.snapshot1
1.5.0.rc4.snapshot2
1.5.0.rc4
1.5.0.snapshot1
1.5.0
1.5.1.snapshot1
1.5.1
1.5.2.snapshot1
1.5.2.snapshot2
1.5.2
1.5.2.1
1.5.2.2
1.5.3.snapshot1
1.5.3.snapshot2
1.5.3
1.5.4.snapshot1
1.5.4.snapshot2
1.5.4.snapshot3
1.5.4
1.5.5
1.5.6
2.*
2.0.0.beta1
2.0.0.beta2
2.0.0.beta3
2.0.0.rc1
2.0.0
2.0.1.snapshot1
2.0.1
2.1.0.snapshot1
2.1.0.snapshot2
2.1.0.snapshot3
2.1.0.snapshot4
2.1.0
2.1.1
2.1.2.snapshot1
2.1.2
2.1.3
2.2.0.snapshot2
2.2.0.snapshot3
2.2.0
2.2.1.snapshot1
2.2.1
2.2.2
2.2.3.snapshot2
2.2.3
2.2.4.snapshot1
2.2.4.snapshot2
2.2.4
2.3.0.snapshot1
2.3.0.snapshot3
2.3.0.snapshot4
2.3.0.snapshot5
2.3.0
2.3.1.snapshot1
2.3.1
2.3.2.snapshot1
2.3.2
2.3.3.snapshot1
2.3.3.snapshot2
2.3.3
2.3.4.snapshot1