[Bug 200759] sysutils/logstash: Security vulnerability CVE-2015-4152
bugzilla-noreply at freebsd.org
Wed Jun 10 11:33:32 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200759
Bug ID: 200759
Summary: sysutils/logstash: Security vulnerability CVE-2015-4152
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: http://www.securityfocus.com/archive/1/535725/30/0/threaded
OS: Any
Status: New
Keywords: needs-patch, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: koobs at FreeBSD.org
CC: enrico.m.crisostomo at gmail.com, ports-secteam at FreeBSD.org
Flags: maintainer-feedback?(enrico.m.crisostomo at gmail.com)
CC: enrico.m.crisostomo at gmail.com
Logstash versions 1.4.2 and prior are vulnerable to a directory traversal
attack that allows an attacker to over-write files on the server running
Logstash.
This vulnerability is not present in the initial installation of Logstash. The
vulnerability is exposed when the file output plugin is configured for use. The
files impacted must be writeable by the user that owns the Logstash process.
--
You are receiving this mail because:
You are the assignee for the bug.