Exposure of Sensitive Information to an Unauthorized Actor
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Advisories for Gem/Logstash-Core package
2022
Exposure of Sensitive Information to an Unauthorized Actor
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.