Veracode Vulnerability Database: VERACODE:44067
History: Oct 31, 2023 - 6:49 a.m.

Sensitive Information Disclosure

2023-10-31 06:49:12
sca.analysiscenter.veracode.com
Tags: elasticsearch, vulnerability, sensitive information, disclosure, audit log, deprecated uris

CVSS3: 4.4
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.7
Confidence: Low

EPSS: 0
Percentile: 15.5%

org.elasticsearch: elasticsearch is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused by a failure to filter out sensitive information and credentials before logging to the audit log when requests to Elasticsearch use certain deprecated URIs for APIs. This can lead to sensitive information such as passwords and tokens getting printed in cleartext to Elasticsearch audit logs.
