Description
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
References (4)
Core 4
Core References
Vendor Advisory
https://www.elastic.co/community/security
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240125-0002/
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240229-0001/
Scores
CVSS v3
8.4
EPSS
0.0019
EPSS Percentile
40.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-532
Status
published
Products (2)
elastic/logstash
7.12.1
elastic/logstash
8.10.0 - 8.11.1
Published
Nov 15, 2023
Tracked Since
Feb 18, 2026