Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
Elastic 资源管理错误漏洞
Vulnerability Description
Elastic是荷兰Elastic公司的一套基于Lucene构建的开源分布式RESTful搜索引擎。该产品主要应用于云计算,并支持通过HTTP使用JSON进行数据索引。 Elastic search versions 7.7.0 to 7.10.1 存在资源管理错误漏洞,该漏洞源于具有读取.tasks索引能力的用户可以获得集群中其他用户的敏感请求头。
CVSS Information
N/A
Vulnerability Type
N/A