Elasticsearch Logstash
3 CVEs affecting Elasticsearch Logstash. Latest disclosed: 2017-09-25. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-14730 | High | 7.8 | 2017-09-25 | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which… |
CVE-2015-5378 | High | 7.5 | 2017-06-27 | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. |
CVE-2015-5619 | Medium | 5.9 | 2017-08-09 | Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash se… |