Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-30
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.
Products | Elasticsearch |
Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) |
First patch | - None (likely due to unavailable code) |
Links | https://www.elastic.co/community/security/ |