This page lists publicly disclosed CVE vulnerabilities affecting elasticsearch logstash (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-14730 | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | [email protected] | 7.8 | 0.35% | 2017-09-25 | 2026-06-17 |
| CVE-2015-5619 | Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack. | [email protected] | 5.9 | 1.22% | 2017-08-09 | 2026-06-17 |
| CVE-2015-5378 | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | [email protected] | 7.5 | 2.46% | 2017-06-27 | 2026-06-17 |