CVE-2016-1000221

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
elasticlogstash
𝑥
≤ 2.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99126
https://www.elastic.co/community/security
http://www.securityfocus.com/bid/99126
https://www.elastic.co/community/security