VDB
CVE-2019-7612
CVE-2019-7612
PUBLISHED
CVSS 5 MEDIUM
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
EPSS 0.45% · 64.2th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.45%
64.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| netapp | active_iq_performance_analytics_services | |
| Elastic | Logstash | before 5.6.15 and 6.6.1 |
| elastic | logstash | 0, 6.0.0 |
Timeline
- Mar 25, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077 url
- https://www.elastic.co/community/security url
- https://security.netapp.com/advisory/ntap-20190411-0002/ url
- https://nvd.nist.gov/vuln/detail/CVE-2019-7612 advisory
- https://security.netapp.com/advisory/ntap-20190411-0002 url