Описание
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
Ссылки
- MitigationVendor Advisory
- Vendor Advisory
- MitigationVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6. ...
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
EPSS
8.8 High
CVSS3
4 Medium
CVSS2