Lucene search
GoogleOSV:GHSA-R9FV-QPM9-RJ4GHistoryMay 13, 2022 - 1:27 a.m.
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-1301:27:27
Google
osv.dev
8
0.001 Low
EPSS
Percentile
34.0%
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
Related
cvelist
cvelist
CVE-2018-3831
2018-09-19 19:00:00
osv
osv
CVE-2018-3831
2018-09-19 19:29:01
prion
prion
Information disclosure
2018-09-19 19:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-13 01:27:27
nvd
nvd
CVE-2018-3831
2018-09-19 19:29:01
nessus
nessus
Elasticsearch ESA-2018-15
2018-09-24 00:00:00
Photon OS 1.0: Elasticsearch PHSA-2019-1.0-0205
2019-03-18 00:00:00
cve
cve
CVE-2018-3831
2018-09-19 19:29:01
ubuntucve
ubuntucve
CVE-2018-3831
2018-09-19 00:00:00
openvas
openvas
redhatcve
redhatcve
CVE-2018-3831
2018-09-24 20:50:41
veracode
veracode
Information Disclosure
2018-09-26 06:29:44
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0116
2018-12-26 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0205
2019-02-04 00:00:00
Critical Photon OS Security Update - PHSA-2019-0205
2019-02-04 00:00:00
redhat
redhat
(RHSA-2020:3192) Important: Red Hat Fuse 7.7.0 release and security update
2020-07-28 15:50:16