CVE-2016-1000221: Exposure of Sensitive Information to an Unauthorized Actor

May 14, 2022 (updated July 28, 2023)

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.

References

github.com/advisories/GHSA-vcmm-ppqx-95ch
nvd.nist.gov/vuln/detail/CVE-2016-1000221
web.archive.org/web/20210124065200/http://www.securityfocus.com/bid/99126
www.elastic.co/community/security

Code Behaviors & Features

Detect and mitigate CVE-2016-1000221 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →