Lucene search

PRIOn knowledge basePRION:CVE-2023-46672

HistoryNov 15, 2023 - 8:15 a.m.

Design/Logic Flaw

2023-11-1508:15:00

PRIOn knowledge base

www.prio-n.com

design flaw

logic flaw

logstash

sensitive information

configuration

json format

keystore

nvd

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.

The prerequisites for the manifestation of this issue are:

Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.
Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.

CPENameOperatorVersion
logstashge8.10.0
logstashlt8.11.1
logstasheq7.12.1

Name	Operator	Version
logstash	ge	8.10.0
logstash	lt	8.11.1
logstash	eq	7.12.1

References

discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191

security.netapp.com/advisory/ntap-20240125-0002/

www.elastic.co/community/security