Vulnerabilities > Elasticsearch > Logstash

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2017-14730 Incorrect Permission Assignment for Critical Resource vulnerability in Elasticsearch Logstash
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
local
low complexity
elasticsearch gentoo CWE-732
7.2
2017-08-09 CVE-2015-5619 Improper Certificate Validation vulnerability in multiple products
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
4.3
2017-06-27 CVE-2015-5378 Information Exposure vulnerability in multiple products
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
network
low complexity
elastic elasticsearch CWE-200
5.0