5 matches found
Design/Logic Flaw
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API...
CVE-2018-3826
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API...
CVE-2018-3826
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API...
CVE-2018-3826
CVE-2018-3826 affects Elasticsearch 6.0.0-beta1 through 6.2.4. A disclosure flaw in the _snapshot API allows plain-text exposure of the access_key and security_key when these parameters are used with the API. The impact is information disclosure (confidentiality). Some connected sources reiterate...
Elasticsearch ESA-2018-10
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API.Although it is advised in the 6.X snapshot API...