Information disclosure in Elastic Logstash

CVE-2018-3817

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.

EPSS: 0.003 (57.1th percentile) — read the EPSS interpretation.

Affected products

Elastic Logstash — versions Before 6.1.2 or 5.6.6

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763 (x_refsource_CONFIRM)