CVE-2019-7614

Опубликовано: 31 июл. 2019

Источник: redhat

CVSS3: 2

EPSS Низкий

Описание

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.

Меры по смягчению последствий

There is no mitigation for this issue, the flaw can only be resolved by applying updates.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Decision Manager 7	elasticsearch	Fix deferred
Red Hat Fuse 7	elasticsearch	Not affected
Red Hat JBoss Fuse 6	elasticsearch	Out of support scope
Red Hat OpenShift Container Platform 3.10	elasticsearch	Fix deferred
Red Hat OpenShift Container Platform 3.11	openshift3/ose-logging-elasticsearch5	Fix deferred
Red Hat OpenShift Container Platform 3.2	elasticsearch	Out of support scope
Red Hat OpenShift Container Platform 3.3	elasticsearch	Out of support scope
Red Hat OpenShift Container Platform 3.4	elasticsearch	Out of support scope
Red Hat OpenShift Container Platform 3.5	elasticsearch	Out of support scope
Red Hat OpenShift Container Platform 3.6	elasticsearch	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-362

https://bugzilla.redhat.com/show_bug.cgi?id=1747240elasticsearch: Race condition in response headers on systems with multiple submitting requests

EPSS

Процентиль: 48%

0.00247

Низкий

2 Low

CVSS3

Связанные уязвимости

CVE-2019-7614

CVSS3: 5.9

ubuntu

больше 6 лет назад

CVE-2019-7614

CVSS3: 5.9

nvd

больше 6 лет назад

CVE-2019-7614

CVSS3: 5.9

debian

больше 6 лет назад

A race condition flaw was found in the response headers Elasticsearch ...

GHSA-jqm6-m3j3-8gg9

CVSS3: 5.9

github

больше 3 лет назад

Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch

EPSS

Процентиль: 48%

0.00247

Низкий

2 Low

CVSS3