Users should upgrade to Elasticsearch version 7.17.13 and 8.9.0 and higher. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. Upgrade to Logstash 1.4.2 or later, or disable the Zabbix and Nagios outputs.Īn issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. Logstash 1.4.1 and prior, when configured to use the Zabbix or Nagios outputs, allows an attacker with access to send crafted events to Logstash inputs to cause Logstash to execute OS commands. Users should upgrade to 1.4.3 or 1.5.0 Users that do not want to upgrade can address the vulnerability by disabling the file output plugin. Users that do not want to upgrade can address the vulnerability by disabling the Lumberjack input.Īll Logstash versions prior to 1.4.3 that use the file output plugin are vulnerable to a directory traversal attack that allows an attacker to write files as the Logstash user. This allows an attacker to intercept communication and access secure data. ![]() Users that do not want to upgrade can address the vulnerability by disabling the Lumberjack output.Īll Logstash versions prior to 1.5.2 that use Lumberjack input (in combination with Logstash Forwarder agent) are vulnerable to a SSL/TLS security issue called the FREAK attack. Please note that Logstash Forwarder is not affected by this. Users that currently use Logstash CSV output plugin or may want to use it in the future should upgrade to 2.2.0 or 2.1.2.Īll Logstash versions prior to 1.5.3 that use Lumberjack output is vulnerable to this man in the middle attack. Prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. Prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Users that currently use Logstash's netflow codec plugin or may want to use it in the future should upgrade to 2.3.3 or later versions. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. In Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. Users who secure communication from Logstash to Elasticsearch via Basic Authorization using Elastic Shield or other systems are advised to upgrade to this version. Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. Users that currently use Logstash Log4j input plugin should upgrade the logstash-input-log4j plugin to version 3.0.5 This flaw could result in remote code execution by an attacker able to send arbitrary data to a Logstash Log4j plugin. The version of Apache Log4j used in Logstash was vulnerable to an object deserialization flaw. If you are unable to upgrade you should review your settings to ensure no deprecated settings are used in your environment. Users should upgrade to Logstash version 6.1.2 or 5.6.6. When logging warnings regarding deprecated settings, Logstash could inadvertently log sensitive information. Users should upgrade to Logstash version 6.6.1 or 5.6.15 If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. ![]() Users should upgrade to Logstash version 7.4.1 or 6.8.4.Ī sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. Thanks to Dennis Detering, IT security consultant at Spike Reply for reporting this issue. If you are not using the Beats input plugin with Logstash you are not vulnerable to this issue. ![]() An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding. Users should update their version of Logstash to 7.12.0 or 6.8.15.Ī denial of service flaw was found in the Logstash beats input plugin before versions 6.8.4 and 7.4.1. This could result in a man in the middle style attack against the Logstash monitoring data. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |