CVE-2019-7614
Description
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.247
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-7614 are fixed in Elasticsearch Core 6.8.2 | Windows |
| Vulnerabilities CVE-2019-7614 are fixed in Elasticsearch Core 7.2.1 | Windows |
| Vulnerabilities CVE-2019-7614 are fixed in Elasticsearch Core for Linux 6.8.2 | Linux |
| Vulnerabilities CVE-2019-7614 are fixed in Elasticsearch Core for Linux 7.2.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234