CVE-2021-22132

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-22132
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22132.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22132
Aliases
Related
Withdrawn
2024-05-08T06:50:52.302165Z
Published
2021-01-14T20:15:13Z
Modified
2023-12-06T00:45:48.528422Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
81a1e9eda8e6183f5237786246f6dced26a10eaf
Fixed
747e1cc71def077253878a59143c1f785afa92b9