Elastic Elasticsearch Memory Disclosure Vulnerability (ESA-2021-16)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
Elasticsearch is prone to a memory disclosure vulnerability.
Insight
A memory disclosure vulnerability was identified in Elasticsearch's error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that causes the returned error message to contain previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
Affected Software
Elasticsearch versions 7.10.0 through 7.13.3.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 7.13.4 or later.