The vulnerability of the application programming interface of the Elasticsearch search engine allows a hacker to disclose protected information.

The vulnerability of the Elasticsearch search engine’s application programming interface is related to deficiencies in access control due to incorrect replication of cross-cluster key indexes. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...