← back
CVE-2019-7612

CVE-2019-7612

EPSS 2.4%CWE-209
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Affected products
Elastic · Logstash

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077https://security.netapp.com/advisory/ntap-20190411-0002/https://www.elastic.co/community/security