CVE-2019-7612 log

Source
Severity High
Remote No
Type Information disclosure
Description
A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Group Package Affected Fixed Severity Status Ticket
AVG-913 logstash 6.6.0-1 6.6.1-1 High Fixed
Date Advisory Group Package Severity Description
25 Feb 2019 ASA-201902-28 AVG-913 logstash High information disclosure
References
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077