Miggo Logo
Miggo Vulnerability Database
CVE-2016-10362

CVE-2016-10362: Logstash Logs Sensitive Information

6.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2016-10362
GHSA ID
GHSA-3gg4-6hqg-2vjx
EPSS Score
0.50997%
CWE
CWE-200
Published
5/13/2022
Updated
11/22/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
logstash-corerubygems< 5.0.15.0.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability explicitly states that HTTP basic auth credentials were logged during connection updates after sniffing. The sniffing process in the Elasticsearch Output plugin would construct URLs with credentials (for authenticated clusters) and log them unintentionally. The function responsible for sniffing and connection management (HttpClient#sniff) is the logical point where this logging would occur. The credentials leak aligns with the common pattern of logging raw connection URLs, which is a known anti-pattern when handling authenticated endpoints.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Prior to Lo*st*s* v*rsion *.*.*, *l*sti*s**r** Output plu*in w**n up**tin* *onn**tions **t*r sni**in*, woul* lo* to *il* *TTP **si* *ut* *r***nti*ls.

Reasoning

T** vuln*r**ility *xpli*itly st*t*s t**t *TTP **si* *ut* *r***nti*ls w*r* lo**** *urin* *onn**tion up**t*s **t*r sni**in*. T** sni**in* `pro**ss` in t** *l*sti*s**r** Output plu*in woul* *onstru*t URLs wit* *r***nti*ls (*or *ut**nti**t** *lust*rs) *n