Vulnerabilities > Elastic > Logstash > 1.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-25 | CVE-2019-7612 | Credentials Management vulnerability in multiple products A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. | 5.0 |
| 2018-03-30 | CVE-2018-3817 | Information Exposure vulnerability in Elastic Logstash When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | 4.0 |
| 2017-06-16 | CVE-2016-10363 | Improper Resource Shutdown or Release vulnerability in Elastic Logstash Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. | 5.0 |
| 2017-06-16 | CVE-2016-1000222 | Argument Injection or Modification vulnerability in Elastic Logstash Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | 5.0 |
| 2017-06-16 | CVE-2016-1000221 | Information Exposure vulnerability in Elastic Logstash Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. | 5.0 |
| 2015-06-15 | CVE-2015-4152 | Path Traversal vulnerability in Elastic Logstash Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option. | 6.4 |