x-pack-core is vulnerable to an information disclosure. Sensitive request headers of other users in the cluster are exposed to a user with the ability to read the .tasks
index due to a flawed implementation of async search API which allows users executing an async search to store the HTTP headers.
discuss.elastic.co/t/elasticsearch-7-10-2-security-update/261164
github.com/elastic/elasticsearch/commit/480561dbc3fd8c2c020f9d3d3887ae6e395313e0
security.netapp.com/advisory/ntap-20210219-0004/
www.elastic.co/guide/en/elasticsearch/reference/7.10/release-notes-7.10.2.html
www.oracle.com/security-alerts/cpuapr2022.html