CVE-2016-10362: Exposure of Sensitive Information to an Unauthorized Actor

May 13, 2022 (updated July 28, 2023)

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.

References

github.com/advisories/GHSA-3gg4-6hqg-2vjx
nvd.nist.gov/vuln/detail/CVE-2016-10362
web.archive.org/web/20210730201452/http://www.securityfocus.com/bid/99154
www.elastic.co/community/security

Code Behaviors & Features

Detect and mitigate CVE-2016-10362 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →