CVE-2021-22132

Опубликовано: 14 янв. 2021

Источник: redhat

CVSS3: 4.8

EPSS Низкий

Описание

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Decision Manager 7	elasticsearch	Will not fix
Red Hat Fuse 7	elasticsearch	Fix deferred
Red Hat JBoss Fuse 6	elasticsearch	Out of support scope
Red Hat OpenShift Container Platform 3.11	openshift3/ose-logging-elasticsearch5	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-logging-elasticsearch5	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-logging-elasticsearch6	Not affected
Red Hat Process Automation 7	elasticsearch	Will not fix
RHAF Camel-K 1.8	elasticsearch	Fixed	RHSA-2022:6407	09.09.2022
RHINT Camel-Q 2.7	elasticsearch	Fixed	RHSA-2022:5606	19.07.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-522

https://bugzilla.redhat.com/show_bug.cgi?id=1923181elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure

EPSS

Процентиль: 61%

0.00411

Низкий

4.8 Medium

CVSS3

Связанные уязвимости

CVE-2021-22132

CVSS3: 4.8

ubuntu

около 5 лет назад

CVE-2021-22132

CVSS3: 4.8

nvd

около 5 лет назад

CVE-2021-22132

CVSS3: 4.8

debian

около 5 лет назад

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...

GHSA-5fvx-2jj3-6mff

CVSS3: 4.8

github

почти 5 лет назад

Insufficiently Protected Credentials in Elasticsearch

EPSS

Процентиль: 61%

0.00411

Низкий

4.8 Medium

CVSS3