Information disclosure vulnerability in Elasticsearch - CVE-2021-22132 (rpm)ID: oval:org.secpod.oval:def:68545 | Date: (C)2021-01-29 (M)2022-05-12 |
Class: VULNERABILITY | Family: unix |
The host is installed with Elasticsearch 7.x before 7.10.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in the async search API. Successful exploitation could allow attackers to know the existence of documents but not be able to view. This could result in an attacker with the ability to read the .tasks index to obtain sensitive request headers of other users in the cluster.