Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Elasticsearch Alerting and Monitoring 信息泄露漏洞
Vulnerability Description
Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎,它主要用于云计算中,并支持通过HTTP使用JSON进行数据索引。Alerting and Monitoring是其中的报警和监控组件。 Elasticsearch Alerting and Monitoring 6.4.1之前版本和5.6.12之前版本中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感的配置信息,例如密码,令牌或用户名。
CVSS Information
N/A
Vulnerability Type
N/A