NotCVE - vendor:"Elastic" product:"Elasticsearch" version:" >= 7.10.0 <= 7.13.3"

Page 4 of 17 results (0.004 seconds)

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-7021

https://notcve.org/view.php?id=CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details. Las versiones de Elasticsearch versiones anteriores a 7.10.0 y 6.8.14, presentan un problema de divulgación de información cuando se habilita el registro de auditoría y la opción emit_request_body. El registro de auditoría de Elasticsearch podría contener información confidencial como un hash de contraseña o tokens de autenticación. • https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915 https://security.netapp.com/advisory/ntap-20210319-0003 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-22132 – elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure

https://notcve.org/view.php?id=CVE-2021-22132

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2 Elasticsearch versiones 7.7.0 hasta 7.10.1, contienen un fallo de divulgación de información en la API de búsqueda asíncrona. Los usuarios que ejecutan una búsqueda asíncrona almacenarán inapropiadamente los encabezados HTTP. • https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update/261164 https://security.netapp.com/advisory/ntap-20210219-0004 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2021-22132 https://bugzilla.redhat.com/show_bug.cgi?id=1923181 • CWE-522: Insufficiently Protected Credentials •

1 2 3 4