HomePentest-Tools.com Logo

Elastic Elasticsearch Username Disclosure Vulnerability (ESA-2019-13) CVE-2019-7619

Severity
CVSSv3 Score
5.3
Vulnerability description

Elasticsearch is prone to a username disclosure vulnerability.

Risk description

A username disclosure flaw was found in Elasticsearchs API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

Recommendation

Update to version 6.8.4, 7.4.0 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 30, 2019
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available