exploitDog

CVE-2020-7021

Published: 10 Feb 2021
Source: redhat
CVSS3: 1.9

Description

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option are enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Decision Manager 7 | elasticsearch | Fix deferred | | |
| Red Hat Fuse 7 | elasticsearch | Not affected | | |
| Red Hat Integration Camel K 1 | elasticsearch | Not affected | | |
| Red Hat JBoss Fuse 6 | elasticsearch | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch5 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | Not affected | | |
| Red Hat Process Automation 7 | elasticsearch | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-532->CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1927480 elasticsearch: Information disclosure via audit logging with emit_request_body option enabled

1.9 Low

CVSS3

Related vulnerabilities

CVSS3: 4.9
ubuntu
almost 5 years ago

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option are enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

CVSS3: 4.9
nvd
almost 5 years ago

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option are enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

CVSS3: 4.9
msrc
about 4 years ago

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option are enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

CVSS3: 4.9
debian
almost 5 years ago

Elasticsearch versions before 7.10.0 and 6.8.14 have an information di ...

CVSS3: 4.9
github
more than 3 years ago

Insertion of Sensitive Information into Log File in Elasticsearch
