Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-17244

Опубликовано: 06 нояб. 2018
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Decision Manager 7elasticsearchNot affected
Red Hat Fuse 7elasticsearchNot affected
Red Hat JBoss Fuse 6elasticsearchOut of support scope
Red Hat OpenShift Container Platform 3.10elasticsearchNot affected
Red Hat OpenShift Container Platform 3.11elasticsearchNot affected
Red Hat OpenShift Container Platform 3.2elasticsearchNot affected
Red Hat OpenShift Container Platform 3.3elasticsearchNot affected
Red Hat OpenShift Container Platform 3.4elasticsearchNot affected
Red Hat OpenShift Container Platform 3.5elasticsearchNot affected
Red Hat OpenShift Container Platform 3.6elasticsearchNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1661626elasticsearch: Information Exposure due to improper set request headers

EPSS

Процентиль: 75%
0.00863
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-17244

CVSS3: 6.5
ubuntu
около 7 лет назад

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.

nvd логотип

CVE-2018-17244

CVSS3: 6.5
nvd
около 7 лет назад

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.

debian логотип

CVE-2018-17244

CVSS3: 6.5
debian
около 7 лет назад

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the ...

github логотип

GHSA-vpqm-88c4-x4cv

CVSS3: 6.5
github
больше 3 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

EPSS

Процентиль: 75%
0.00863
Низкий

6.5 Medium

CVSS3