Race Condition Vulnerability in Elasticsearch Versions Before 7.2.1 and 6.8.2 Allows Unauthorized Access to Response Headers

CVE-2019-7614 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

A race condition flaw was found in the response headers that Elasticsearch versions before 7.2.1 and 6.8.2 return to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to a response header containing sensitive data from another user.
