ROOT-APP-MAVEN-CVE-2025-68390 CVE-2025-68390 in io.root.org.elasticsearch.plugin:x-pack-core - Patched by Root

Root has patched CVE-2025-68390 in the io.root.org.elasticsearch.plugin:x-pack-core package for Root:Maven. Multiple fixed versions available...

net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.108.0), org.elasticsearch.plugin:transport-netty4 (>=9.0.0 <=9.1.10) +4 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=9.0.0-beta1 <=9.1.7)

org.elasticsearch:elasticsearch-ssl-config MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =9.1.4, =9.0.0, =9.0.0, =9.1.10 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...

Information Disclosure

x-pack-core is vulnerable to an information disclosure. Sensitive request headers of other users in the cluster are exposed to a user with the ability to read the .tasks index due to a flawed implementation of async search API which allows users executing an async search to store the HTTP headers...