Elasticsearch 8.18.8, 8.19.5, 9.0.8, 9.1.5 Security Update (ESA-2025-18)

Elasticsearch Insertion of sensitive information in log file ESA-2025-18 Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API Affected Versions: 7.x: All versions from 7.0.0 and u...

Linux Distros Unpatched Vulnerability : CVE-2020-7021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The...

SUSE CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

...

UBUNTU-CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

Elastic Stack 7.11.0 and 6.8.14 Security Update

Elasticsearch information disclosure ESA-2021-03 Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or...

PT-2021-12634 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.10.0 Elasticsearch versions prior to 6.8.14 Description: The issue is related to an information disclosure problem when audit logging and the emit request body option are enabled. This could lead to the...