
CVE-2021-22145

Published: 20 Jul 2021
Source: redhat
CVSS3: 7.3
EPSS: Medium

Description

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.

A memory disclosure flaw was found in Elasticsearch’s error reporting. A user who can submit arbitrary queries to Elasticsearch could submit a malformed query that results in an error message returned that contains previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Not affected | | |
| Red Hat Decision Manager 7 | elasticsearch | Not affected | | |
| Red Hat Fuse 7 | elasticsearch | Not affected | | |
| Red Hat Integration Camel K 1 | elasticsearch | Not affected | | |
| Red Hat JBoss Data Grid 6 | elasticsearch | Not affected | | |
| Red Hat JBoss Fuse 6 | elasticsearch | Not affected | | |
| Red Hat JBoss Fuse Service Works 6 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Not affected | | |


Additional information

Status: Important
Weakness: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1985039 - elasticsearch: memory disclosure in error reporting

EPSS: 0.67928 (Medium)
Percentile: 99%

CVSS3: 7.3 High

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 4 years ago

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.

CVSS3: 6.5
nvd
more than 4 years ago

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.

CVSS3: 6.5
debian
more than 4 years ago

A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...

CVSS3: 6.5
github
more than 3 years ago

Generation of Error Message Containing Sensitive Information in Elasticsearch
