CVE-2019-7620

Sažetak

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

Reference

https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908
https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909
https://www.elastic.co/community/security

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

09-10-2020 - 12:55

Objavljeno

30-10-2019 - 14:15