CVE-2023-46672

CVSS V2 None CVSS V3 None

Description

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.

Overview

CVE ID
CVE-2023-46672

Assigner
elastic

Vulnerability Status
PUBLISHED

Published Version
2023-11-15T08:05:26.561Z

Last Modified Date
2023-11-15T08:05:26.561Z

Weakness Enumerations

CWE	URL
CWE-532	http://cwe.mitre.org/data/definitions/532.html

References

Reference URL	Reference Tags
https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191
https://www.elastic.co/community/security
https://security.netapp.com/advisory/ntap-20240125-0002/
https://security.netapp.com/advisory/ntap-20240229-0001/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-46672
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46672

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 23:04:11				Added to TrackCVE