Описание
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-37727
- https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db
- https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
- https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html
Пакеты
org.elasticsearch:elasticsearch
>= 7.0.0, < 8.18.8
8.18.8
org.elasticsearch:elasticsearch
>= 8.19.0, < 8.19.5
8.19.5
org.elasticsearch:elasticsearch
>= 9.0.0-beta1, < 9.0.8
9.0.8
org.elasticsearch:elasticsearch
>= 9.1.0, < 9.1.5
9.1.5
Связанные уязвимости
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
Insertion of sensitive information in log file in Elasticsearch can le ...