Elasticsearch Logstash — known CVE vulnerabilities
Every CVE whose affected-product data names Elasticsearch Logstash, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2017-14730 — CVSS 7.8 (high): The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable…
CVE-2015-5378 — CVSS 7.5 (high): Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and…
CVE-2015-5619 — CVSS 5.9 (medium): Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates…