Elasticsearch Logstash is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks.
Versions prior to Elasticsearch Logstash 5.6.15 and 6.6.1 are vulnerable.
Information
Elasticsearch Logstash 6.5.4
Elasticsearch Logstash 6.5.3
Elasticsearch Logstash 6.5.2
Elasticsearch Logstash 6.5.1
Elasticsearch Logstash 6.5
Elasticsearch Logstash 6.4.3
Elasticsearch Logstash 5.6.14
Elasticsearch Logstash 5.6.13
Elasticsearch Logstash 5.6.11
Elasticsearch Logstash 5.6.10
Elasticsearch Logstash 5.6.9
Elasticsearch Logstash 5.0.1
Elasticsearch Logstash 5.0
Elasticsearch Logstash 2.3.4
Elasticsearch Logstash 2.3.3
Elasticsearch Logstash 2.3.2
Elasticsearch Logstash 2.3.1
Elasticsearch Logstash 2.3
Elasticsearch Logstash 2.2.4
Elasticsearch Logstash 2.2.3
Elasticsearch Logstash 2.2.2
Elasticsearch Logstash 2.2.1
Elasticsearch Logstash 2.2
Elasticsearch Logstash 2.1.3
Elasticsearch Logstash 2.1.2
Elasticsearch Logstash 2.1.1
Elasticsearch Logstash 2.1
Elasticsearch Logstash 1.5.4
Elasticsearch Logstash 1.5.3
Elasticsearch Logstash 1.5.2
Elasticsearch Logstash 1.4.5
Elasticsearch Logstash 1.4.4
Elasticsearch Logstash 1.1 1
Elasticsearch Logstash 1.5.0
Elasticsearch Logstash 1.4.3
Elasticsearch Logstash 1.4.2
Elasticsearch Logstash 1.4.1
Elasticsearch Logstash 1.4.0
Elasticsearch Logstash 1.3.3
Elasticsearch Logstash 1.3.2
Elasticsearch Logstash 1.3.1
Elasticsearch Logstash 1.3.0
Elasticsearch Logstash 1.2.2
Elasticsearch Logstash 1.2.1
Elasticsearch Logstash 1.1.9
Elasticsearch Logstash 1.1.8
Elasticsearch Logstash 1.1.7
Elasticsearch Logstash 1.1.6
Elasticsearch Logstash 1.1.5
Elasticsearch Logstash 1.1.4
Elasticsearch Logstash 1.1.3
Elasticsearch Logstash 1.1.2
Elasticsearch Logstash 1.1.13
Elasticsearch Logstash 1.1.12
Elasticsearch Logstash 1.1.11
Elasticsearch Logstash 1.1.10
Elasticsearch Logstash 1.1.1
Elasticsearch Logstash 1.1.0
Elasticsearch Logstash 1.0.17
Elasticsearch Logstash 1.0.16
Elasticsearch Logstash 1.0.15
Elasticsearch Logstash 1.0.14
Elasticsearch Logstash 5.6.15
Exploit
An attacker can exploit this issue using a browser.
References:
- Elasticsearch Homepage (Elasticsearch)
- Elastic Stack 6.6.1 and 5.6.15 security update (Elastic Stack)
- Elasticsearch Security Issues (Elasticsearch)