Description
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine whether a username exists in the Elasticsearch native realm.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | elasticsearch | Not affected | | |
| Red Hat Fuse 7 | elasticsearch | Not affected | | |
| Red Hat JBoss Fuse 6 | elasticsearch | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.10 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Not affected | | |
| Red Hat OpenShift Container Platform 3.2 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 3.3 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 3.4 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 3.5 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 3.6 | elasticsearch | Not affected | | |
Additional information
Status:
EPSS
3.7 Low
CVSS3
Related vulnerabilities
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch