elasticsearch-benchmark-tool
CVE-2019-7614 (Medium) detected in elasticsearch-2.4.0.jar
CVE-2019-7614 - Medium Severity Vulnerability
Vulnerable Library - elasticsearch-2.4.0.jar
Elasticsearch - Open Source, Distributed, RESTful Search Engine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/parent/elasticsearch
Path to dependency file: /tmp/ws-scm/elasticsearch-benchmark-tool/pom.xml
Path to vulnerable library: epository/org/elasticsearch/elasticsearch/2.4.0/elasticsearch-2.4.0.jar
Dependency Hierarchy:
- :x: elasticsearch-2.4.0.jar (Vulnerable Library)
Vulnerability Details
A race condition flaw was found in the response headers that Elasticsearch versions before 7.2.1 and 6.8.2 return to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to a response header containing sensitive data from another user.
Publish Date: 2019-07-30
URL: CVE-2019-7614
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614
Release Date: 2019-07-30
Fix Resolution: org.elasticsearch:elasticsearch:6.8.2,7.2.1