CVE-2019-7612

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-25 19:29

Updated : 2023-12-10 12:59


NVD link : CVE-2019-7612

Mitre link : CVE-2019-7612

CVE.ORG link : CVE-2019-7612


JSON object : View

Products Affected

netapp

  • active_iq_performance_analytics_services

elastic

  • logstash
CWE
CWE-532

Insertion of Sensitive Information into Log File

CWE-209

Generation of Error Message Containing Sensitive Information