CVE-2023-46672

MEDIUM5.5EPSS 0.19%

Logstash Insertion of Sensitive Information into Log File

Published: 3/6/2024Modified: 5/20/2025

Description

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.

Affected packages (1)

Bitnami/logstash>= 7.12.1, < 7.12.2, >= 8.10.0, < 8.11.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (5)

WEBhttps://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-46672
WEBhttps://security.netapp.com/advisory/ntap-20240125-0002/
WEBhttps://security.netapp.com/advisory/ntap-20240229-0001/
WEBhttps://www.elastic.co/community/security