GHSA-VPQM-88C4-X4CV Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...