Published on: 07/21/2021 12:00:00 AM UTC
Last Modified on: 07/23/2021 06:15:00 PM UTC
The following vulnerability was found:
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
- CVE-2021-22145 has been assigned by [email protected] to track the vulnerability
|Elasticsearch 7.13.4 Security Update - Security Announcements - Discuss the Elastic Stack|| discuss.elastic.co |
|ElasticSearch 7.13.3 Memory Disclosure ≈ Packet Storm|| packetstormsecurity.com |