CVE-2018-3817

Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 30 Mar 2018, 20:00
Last modified:05 Aug 2024, 04:57

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
v3.0 (nvd)
EPSS Score
0.34% LOW
0% probability +0.05%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 Mar 2018, 20:00
Published
Vulnerability first disclosed
05 Aug 2024, 04:57
Last Modified
Vulnerability information updated

Description

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.

CVSS Metrics

  • v3.0MEDIUMScore: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • v2.0MEDIUMScore: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.34% Percentile: 57%

Techniques & Countermeasures

  • CWE-200Exposure of Sensitive Information to an Unauthorized Actor

    The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

  • CWE-532Insertion of Sensitive Information into Log File

    The product writes sensitive information to a log file.

Affected Systems

  • elasticlogstash

    < 5.6.6 | ≥ 6.0.0, < 6.1.2 | < 6.1.2 or 5.6.6

References (1)