2 matches found
Elasticsearch Information Disclosure Vulnerability (CNVD-2021-03548)
Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...
PT-2021-14860 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 7.7.0 through 7.10.1 Description: The issue is an information disclosure flaw in the async search API. When an async search is executed, HTTP headers are improperly stored. An Elasticsearch user with read access to the...