Elastic >> Elasticsearch >> 6.8.0 Security Vulnerabilities
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.
CVSS Score: 5.3
EPSS Score: 0.022
Published: 2019-10-30
A race condition flaw was found in the response headers that Elasticsearch versions before 7.2.1 and 6.8.2 return to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to a response header containing sensitive data from another user.
CVSS Score: 5.9
EPSS Score: 0.004
Published: 2019-07-30

