What the vulnerability does

01Description

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.

Key dates

02Disclosure timeline

June 16, 2017 CVE published
August 6, 2024 Record updated