Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query's privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Siren Federate 安全漏洞
Vulnerability Description
Siren Federate是爱尔兰Siren公司的一个应用程序。扩展了Elasticsearch API,从而添加了高性能和可扩展的联接。 Siren Federate存在安全漏洞,该漏洞在低权限用户和高权限用户同时执行查询时会跨线程上下文泄漏用户信息。以下产品及版本收到影响:Siren Federate 6.8.14-10.3.9、Siren Federate 6.9.x-7.6.x、Siren Federate 7.7.x-7.9.x、Siren Federate 7.10.x-7.11.2、7.1
CVSS Information
N/A
Vulnerability Type
N/A