Vulnerabilities > Elasticsearch > Logstash > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-09 CVE-2015-5619 Improper Certificate Validation vulnerability in multiple products
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
4.3
2017-06-27 CVE-2015-5378 Information Exposure vulnerability in multiple products
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
network
low complexity
elastic elasticsearch CWE-200
5.0