Lucene search
Veracode Vulnerability DatabaseVERACODE:29760HistoryMar 19, 2021 - 5:35 a.m.
Information Disclosure
2021-03-1905:35:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.001 Low
EPSS
Percentile
35.3%
x-pack-core is vulnerable to an information disclosure. Sensitive request headers of other users in the cluster are exposed to a user with the ability to read the .tasks index due to a flawed implementation of async search API which allows users executing an async search to store the HTTP headers.
References
discuss.elastic.co/t/elasticsearch-7-10-2-security-update/261164
github.com/elastic/elasticsearch/commit/480561dbc3fd8c2c020f9d3d3887ae6e395313e0
security.netapp.com/advisory/ntap-20210219-0004/
www.elastic.co/guide/en/elasticsearch/reference/7.10/release-notes-7.10.2.html
www.oracle.com/security-alerts/cpuapr2022.html
Related
github
github
Insufficiently Protected Credentials in Elasticsearch
2021-03-18 19:27:27
osv
osv
BIT-elasticsearch-2021-22132
2024-03-06 10:54:05
Insufficiently Protected Credentials in Elasticsearch
2021-03-18 19:27:27
CVE-2021-22132
2021-01-14 20:15:13
ibm
ibm
Security Bulletin: Vulnerability affects IBM Observability with Instana
2022-01-11 20:10:06
prion
prion
Information disclosure
2021-01-14 20:15:00
ubuntucve
ubuntucve
CVE-2021-22132
2021-01-14 00:00:00
redhatcve
redhatcve
CVE-2021-22132
2021-02-01 15:13:12
nvd
nvd
CVE-2021-22132
2021-01-14 20:15:13
cve
cve
CVE-2021-22132
2021-01-14 20:15:13
openvas
openvas
Elastic Elasticsearch Information Disclosure Vulnerability (ESA-2021-01)
2021-01-25 00:00:00
cvelist
cvelist
CVE-2021-22132
2021-01-14 19:20:12
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00