
Elasticsearch 6.4.0, 6.4.1, 6.4.2 Information Disclosure Vulnerability - Windows CVE-2018-17244

Severity
CVSSv3 Score: 6.5
Vulnerability description

Elasticsearch is prone to an information disclosure vulnerability.

Risk description

A request may receive headers intended for another request if the same username is being authenticated concurrently. When used with the "run as" feature, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.

Recommendation

Update to version 6.4.3.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 20, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available