UBUNTU-CVE-2021-22132

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-22132

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-22132.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-22132

Related

CVE-2021-22132

Published

2021-01-14T20:15:00Z

Modified

2024-10-15T14:08:01Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2

References

Affected packages

Ubuntu:Pro:16.04:LTS / elasticsearch

Package

Name: elasticsearch
Purl: pkg:deb/ubuntu/elasticsearch?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.2+dfsg-1

1.7.3+dfsg-1

1.7.3+dfsg-2

1.7.3+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}