Hello, We have log4j vulnerabilities for Elasticsearch and Logstash in the following paths: Path : /usr/share/Elasticsearch/lib/log4j-core-2.11.1.jar Path : /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.14.0.jar Is there a workaround to fix the vulnerabilities? Otherwise, Is the only s…

Welcome to our community! :smiley: If you are referring to the log4shell vulnerabilities then please see 7-0-0-7-16-0-log4j-cve-2021-44228-cve-2021-45046-remediation/292343

[image] warkolm: 7-0-0-7-16-0-log4j-cve-2021-44228-cve-2021-45046-remediation/292343 I think Mark meant to link to this thread.

Hello Thanks for your updates. The link you provided for me is about Logstash. Is there a solution for Elasticsearch too? Thanks

[image] kyarali: Is there a solution for Elasticsearch too? Of course. The overall elastic view of the vulnerability can be found in <a href="https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476?ultron=log4js-exploit&blade=announcement&hulk=email&mkt_tok=ODEzLU1BTS0zOTIAAAGBU8N1ZUOwzTcRbJCOiByHmeYiopMnarq-QPWBIyhPI3Vvsp6w-4q4PBbTGZ3fZ0sB75cpaUdOddA1k-6-yh3QwAicvJTgafdJWv_-9Cn2GoKLvsmt&utm_source=log4j+hub+blog&utm_medium=embed+link&utm_campaign=log4j_hub_blog&utm_id=log4j&utm_content=log4j2+advisory">this blog post. I do not run elasticsearch, but I would start <a href="https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476?ultron=log4js-exploit&blade=announcement&hulk=email&mkt_tok=ODEzLU1BTS0zOTIAAAGBU8N1ZUOwzTcRbJCOiByHmeYiopMnarq-QPWBIyhPI3Vvsp6w-4q4PBbTGZ3fZ0sB75cpaUdOddA1k-6-yh3QwAicvJTgafdJWv_-9Cn2GoKLvsmt&utm_source=log4j+hub+blog&utm_medium=embed+link&utm_campaign=log4j_hub_blog&utm_id=log4j&utm_content=log4j2+advisory#elasticsearch-announcement-esa-2021-31-29">here . There is a ton of detail about versions and configuration variations. If an upgrade is viabl…

Yeah, that was a copy paste error!

Elasticsearch&Logstash Log4j Vulnerabilities

Elastic Stack Logstash

Badger May 16, 2022, 2:31am 3

I think Mark meant to link to this thread.

Topic		Replies	Views
Log4j2 vulnerability mitigation Logstash	7	1895	July 3, 2023
Log4j vulnerability threat impact on Elasticsearch and Logstash versions below 5 Elasticsearch	2	1285	January 16, 2022
Urgent - Incomplete fix for Apache Log4j vulnerability v2.15.0 Logstash	3	3597	January 19, 2022
CVE-2021-44228 aka log4shell is logstash and/or elasticsearch affected? Logstash	15	14026	January 12, 2022
Log4j vulnerability threat impact on Elasticsearch 2.3.4 and Logstash 2.3.4 Elastic Security	2	856	December 20, 2021

Elasticsearch&Logstash Log4j Vulnerabilities

Related topics