Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Logstash Insertion of Sensitive Information into Log File
Vulnerability Description
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Elastic Logstash 日志信息泄露漏洞
Vulnerability Description
Elastic Logstash是荷兰Elastic公司的一套日志分析和监控工具。 Elastic Logstash 8.11.1之前版本存在安全漏洞,该漏洞源于在特定情况下,敏感信息会记录在 Logstash 日志中。
CVSS Information
N/A
Vulnerability Type
N/A