Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908 | Vendor Advisory |
https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831 | Vendor Advisory |
https://www.elastic.co/community/security | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: elastic
Published: 2019-10-30T13:37:42
Updated: 2019-10-30T13:37:42
Reserved: 2019-02-07T00:00:00
Link: CVE-2019-7619
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-30T14:15:11.380
Modified: 2021-11-03T19:35:03.303
Link: CVE-2019-7619
JSON object: View
Redhat Information
No data.