Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Elasticsearch 安全漏洞
Vulnerability Description
Elasticsearch是一个基于Lucene库的搜索引擎。 Elasticsearch 7.0.0 到 7.17.16、8.0.0 到8.11.2版本存在安全漏洞,该漏洞源于当观察者在搜索 DEBUG 日志级别记录时,可能会导致存储在 Elasticsearch 中的文档的原始内容被打印在日志中。
CVSS Information
N/A
Vulnerability Type
N/A