Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.
CVSS Information
N/A
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
Elasticsearch 竞争条件问题漏洞
Vulnerability Description
Elasticsearch是一个基于Lucene库的搜索引擎。 Elasticsearch 7.2.1之前版本和6.8.2之前版本中存在竞争条件问题漏洞。攻击者可利用该漏洞获取含有其他用户敏感信息的响应头的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A