Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2018/10/09 12:0 a.m.33 views

Elasticsearch '_snapshot API' Information Disclosure Vulnerability - Linux

Elasticsearch is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.3AI score0.00692EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/09/19 7:29 p.m.35 views

CVE-2018-3826

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API...

6.5CVSS6.6AI score0.00692EPSS
Exploits0References3
CVE
CVE
added 2018/09/19 7:0 p.m.61 views

CVE-2018-3826

CVE-2018-3826 affects Elasticsearch 6.0.0-beta1 through 6.2.4. A disclosure flaw in the _snapshot API allows plain-text exposure of the access_key and security_key when these parameters are used with the API. The impact is information disclosure (confidentiality). Some connected sources reiterate...

6.5CVSS6.2AI score0.00692EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.114 views

Elasticsearch ESA-2018-10

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API.Although it is advised in the 6.X snapshot API...

6.5CVSS6.4AI score0.00692EPSS
Exploits0References2
Rows per page
Query Builder