{ "id": "CVE-2023-46672", "sourceIdentifier": "bressers@elastic.co", "published": "2023-11-15T08:15:07.907", "lastModified": "2024-03-21T02:49:22.760", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.\n\nThe prerequisites for the manifestation of this issue are:\n\n * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.\n\n\n * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.\n\n\n\n\n\n\n" }, { "lang": "es", "value": "Elastic identific\u00f3 un problema por el cual se registra informaci\u00f3n confidencial en los registros de Logstash en circunstancias espec\u00edficas. Los requisitos previos para la manifestaci\u00f3n de este problema son: * Logstash est\u00e1 configurado para iniciar sesi\u00f3n en formato JSON https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html, que no es el formato de registro predeterminado. * Los datos confidenciales se almacenan en el almac\u00e9n de claves de Logstash y se hace referencia a ellos como una variable en la configuraci\u00f3n de Logstash." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, "impactScore": 3.6 }, { "source": "bressers@elastic.co", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.4, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.0, "impactScore": 5.8 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-532" } ] }, { "source": "bressers@elastic.co", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-532" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.10.0", "versionEndExcluding": "8.11.1", "matchCriteriaId": "52DFEFFA-CCF9-4E50-8E9C-7F79648ECA45" }, { "vulnerable": true, "criteria": "cpe:2.3:a:elastic:logstash:7.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C6FC2020-096A-46B3-8A0C-34E35FD00EDD" } ] } ] } ], "references": [ { "url": "https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191", "source": "bressers@elastic.co", "tags": [ "Release Notes" ] }, { "url": "https://security.netapp.com/advisory/ntap-20240125-0002/", "source": "bressers@elastic.co" }, { "url": "https://security.netapp.com/advisory/ntap-20240229-0001/", "source": "bressers@elastic.co" }, { "url": "https://www.elastic.co/community/security", "source": "bressers@elastic.co", "tags": [ "Vendor Advisory" ] } ] }