CVE-2020-7021
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option are enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
Timeline
- 2020-01-14 CVE Reserved
- 2021-02-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
References (2)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20210319-0003 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915 | 2021-03-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Elastic | Elasticsearch | < 6.8.14 | - | Affected |
Elastic | Elasticsearch | >= 7.0.0 < 7.10.0 | - | Affected |