CVE-2020-7021

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-7021

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7021.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7021

Aliases

Downstream

UBUNTU-CVE-2020-7021

Published

2021-02-10T19:15:11.870Z

Modified

2026-02-13T02:13:33.204987Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dab5822e9f9888f3e71aaca22e1faecce73706f6

Introduced

b7e28a7232616c7a21bc879a535d801b8553ba77

Fixed

51e9d6f22758d0374a0f3f5c6e8f3a7997850f96

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7021.json"

vanir_signatures

[
    {
        "id": "CVE-2020-7021-07e3bb07",
        "target": {
            "file": "modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4MessageChannelHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "268997078804005174255569798865399237030",
                "109403397437348896924336403525721221936",
                "198410687984877965664898292069908028259",
                "297892409172090963777650848754103467261",
                "298825353248397998107841107553434174637",
                "336028841115920710035952724287474544660",
                "21742853618696865873822403544703479645",
                "111652139543962017655875209219100508625",
                "230844076275044295500140299502616471108",
                "53770624121402076004983559764244651550",
                "306504388004277895675251176316276528315",
                "190316084661162340554578342328964873768",
                "146374794835008814945138877733232611244",
                "245955922968003254364760840369643595104",
                "269540972092999234993862207964116201506",
                "159090678076835357127333465865239074084",
                "320131717432604092090572732754957087131",
                "32878737280753568222472345261102106526",
                "288412440250575150617361494111890021260",
                "87157625615854704587269865110653183146",
                "272869521237676321679763652801714957849",
                "12551699881849096664270984529423249545",
                "172565367566464432748362038411931366640",
                "167276579128204719469917943580754913444",
                "284253580561052450852164428286997683101",
                "245678321843638594279531816641192428876",
                "87332810935775634718603141929610924035",
                "47223032902245378779939772955846763715",
                "204202103980161318910850296421135592252",
                "263685702127709149827400396509768317055",
                "291155748749950296789577340940238462271",
                "217579520195481742584940800761646426038",
                "234471926558252841896106268715211467590",
                "191546823842703052347451419925473516691",
                "308325424316874710407059483806801250946",
                "132865454950063320304210917016051016478",
                "106279866092861568411858809006644895175",
                "61692976140167248141055917935137153201",
                "201948969403637196190681774079604505301",
                "18188109784524215106758556535505042224",
                "143238527724013529404027871830359496176",
                "172488377398659146827349204061048549378",
                "285228171852727272805837959152540767286",
                "117602056813493618488099666354999824825",
                "42769044129934917560511554774869559538",
                "83655793043119684607469936427068192814",
                "9067146894467268838958937847249637655",
                "225046728670521296870996676219598062339",
                "56869024989223128373360061388767916718",
                "231428605700115980273555387497380460653",
                "261326512141761517567944435200807725187",
                "299080537460193699494497816385726163109",
                "265043592604591642141381668050780332119",
                "56375918426864958438796282263278483859",
                "64541454446002843029290523385914459209",
                "275392047970116312142852669540715658989",
                "308103377412993281494092749932719036784",
                "48868431962667541828378575383337284269",
                "129751541529077078840790477541678456895",
                "108508946810936983875021909161655254231",
                "101449562437641431769018867527595469676",
                "200664178447271004554303587556992870290",
                "292555142333477832874072853759375960197",
                "173759721605544006931433005860468460128",
                "21209268279937977604548877571991275767"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-09432510",
        "target": {
            "function": "sendMessage",
            "file": "test/framework/src/main/java/org/elasticsearch/transport/nio/MockNioTransport.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "327782705255806138456798599921439707304",
            "length": 244.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-3efa1907",
        "target": {
            "function": "flush",
            "file": "modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4MessageChannelHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "69906595001044739044878861257576346742",
            "length": 260.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-42e17656",
        "target": {
            "function": "get",
            "file": "server/src/main/java/org/elasticsearch/transport/OutboundHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "56242562225156511486013116096245896321",
            "length": 177.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-431cce40",
        "target": {
            "function": "innerOnFailure",
            "file": "server/src/main/java/org/elasticsearch/transport/OutboundHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "304881006564712033073960838058135016425",
            "length": 379.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-535cdc5e",
        "target": {
            "function": "sendMessage",
            "file": "test/framework/src/main/java/org/elasticsearch/transport/FakeTcpChannel.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "104259691865081820825493215179466185910",
            "length": 194.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-558eb381",
        "target": {
            "file": "server/src/main/java/org/elasticsearch/transport/OutboundHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "135187579940644609346227611792711881600",
                "248351000564786148212936782825413262399",
                "334232443136801705629602857281176971982",
                "27987554114568219411497119929192750767",
                "62444165695590450817676516917020494844",
                "99333347130166406426640339999617756373",
                "314593459609254122961028605382915236415",
                "215419682331337160898158541115099532119",
                "88440143533502986938833299021430163532",
                "264100101768071164680287466782874171910",
                "104290229278913662260422274118368815567",
                "112259828423944702955958095680934692773",
                "111912929650303673724948530946581986986",
                "237231673658821205878808099202220289256",
                "158472526772085742670396609683827845056",
                "4253773416702271456251600831075487693",
                "331802843326773096952530789857034903982",
                "480702371238351154586803530850325344",
                "312099777296323447834329121953488357435",
                "81675977585337378847950694251249905209",
                "293912247845176176048138376371381152",
                "286319966455883729938692808126311372308",
                "245306497558036411922498621807364386010",
                "186685621585601797149057415474517181498",
                "138818923240884220584064796724484081105",
                "189005552401695604362925835364940476334",
                "200768253134544356125013927325231557968",
                "332404435040323256957370336232212136618",
                "182391087685616260423717113705186545424",
                "202646844861030357955412640711643452169",
                "170658215002469635027310133333972900884",
                "43847453225204320995987400134207023774",
                "236246165834328303462188350979788783648",
                "233438847286373121389182654699220509882",
                "226479699022757104238918604912598238059",
                "10254030378364647115817700226259518772",
                "85224471448885047870674656209564432974",
                "92970310486898789269465515553772942700",
                "151760245114894924766416111741707296466",
                "139586389227073256066322871467629965695",
                "39077058457455413444182144224707471787",
                "202526606503174309956428943535559183839",
                "35979102368244974087908559143658793141",
                "54983492441805232644248661005674247525",
                "77979707466135765470719089041738581819",
                "121312925128638768104624048518170195558",
                "310672928333003040677730785755107414057",
                "164556858883387004424103958462024650683",
                "220896544661844393686614861509082176249",
                "335648418368347340893296877149669152248",
                "302221345752962426781315452630079278980",
                "218880842282900199771967859657230475054",
                "263282340971483946466175872545372612122"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-5fc18b95",
        "target": {
            "function": "internalSend",
            "file": "server/src/main/java/org/elasticsearch/transport/OutboundHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "257336950779280437056214737873653081670",
            "length": 346.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-6443e5f5",
        "target": {
            "function": "doFlush",
            "file": "modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4MessageChannelHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "82624612568463376186176918830734747395",
            "length": 1572.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-74c49445",
        "target": {
            "file": "qa/evil-tests/src/test/java/org/elasticsearch/common/logging/EvilLoggerTests.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/dab5822e9f9888f3e71aaca22e1faecce73706f6",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "255197535895443116222936262136408716648",
                "90670955376048539255834498946352334443",
                "125167504080401541266828462553417012235",
                "311821267650426713929388101794366743020",
                "164373887868410018747831785781124426823",
                "185440133202966994174180855222941834801",
                "125191772482488877176007647962001274766",
                "186256591335945945528113032446394075349",
                "139805417239431110798783350126742065135",
                "318418129027305652429332865877094189250",
                "120582036859537282564416115328722181131",
                "65493432655785699696504711542864394439",
                "93464077854977014787141075807118099482",
                "865809226680245412498159110187397799",
                "318339575657962422795792255484244237460",
                "76352814783110636581173462296753932145",
                "103312185397192106588256556752288384787",
                "53094667466581655897103522847551901510",
                "221641172670460537160441698232789729503",
                "189875582949255175771156076737239083821",
                "329318908417628638570908498769411838212",
                "187646128551268085610401439905379562317"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-753e2166",
        "target": {
            "function": "sendBytes",
            "file": "server/src/main/java/org/elasticsearch/transport/OutboundHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "192843887751345265773851082221866700832",
            "length": 146.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-7a3ff842",
        "target": {
            "function": "sendMessage",
            "file": "modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4TcpChannel.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "319028252078982037251623383206831935750",
            "length": 237.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-7c6bc8c9",
        "target": {
            "file": "plugins/transport-nio/src/main/java/org/elasticsearch/transport/nio/NioTcpChannel.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "246985252354485652351257405973375908138",
                "231863113771440315481651041306796822663",
                "94798528757326034284773331852145668532",
                "149812708133834334279575721178763851263",
                "213456477297387579328603340208152791170",
                "319197921048062059369386377292397390067",
                "310580912832230485629766076706635553208",
                "231073406722513145403475402851147607578",
                "90364919579616521223991001779179704787",
                "170529027980772968655602657310345970753",
                "182856033336348611692876165653385055789",
                "320630231067302109338140995250708451979",
                "19392969480660632351248715215199692455",
                "59094002153072094760969378618267739230",
                "72030622998024224673292933158942176153",
                "30397166570270158694598403219106860832",
                "14498309554671790096915760546714346435",
                "175629576506968233930155537647365333407",
                "253619767306249072308274653302690873048"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-936c2227",
        "target": {
            "file": "modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4TcpChannel.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "41546636505197873121861234132535971859",
                "98384024577572263388587334760410238809",
                "273823760213106072862588304245815885523",
                "89592860511568996108564712561867433055",
                "57207242645131277022086754093211709652",
                "298556360774527174706789829398559864140",
                "238157546534418528819348759969491080579",
                "44304069468602558767491144476155501260",
                "252535183705819379049454097330390637713",
                "60226488017372854841992895437289021161",
                "4090656905403910704657674896649549854",
                "204980458153139850614524621426654297808",
                "139350127242933623530808926159759178571"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-9c76928d",
        "target": {
            "file": "test/framework/src/main/java/org/elasticsearch/transport/nio/MockNioTransport.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "302888701242397921734969906044322687743",
                "298495846468615365540850016952554344871",
                "202402552043350981778835223602782451269",
                "314685012250384850381343729110701509009",
                "285784221316796893858684571549886245935",
                "90364919579616521223991001779179704787",
                "170529027980772968655602657310345970753",
                "182856033336348611692876165653385055789",
                "320630231067302109338140995250708451979",
                "19392969480660632351248715215199692455",
                "59094002153072094760969378618267739230",
                "72030622998024224673292933158942176153",
                "30397166570270158694598403219106860832",
                "14498309554671790096915760546714346435",
                "313666383152391926074552194742077147673",
                "97623386761566224235967838301622605740"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-9fe18018",
        "target": {
            "function": "testDeprecatedSettings",
            "file": "qa/evil-tests/src/test/java/org/elasticsearch/common/logging/EvilLoggerTests.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/dab5822e9f9888f3e71aaca22e1faecce73706f6",
        "digest": {
            "function_hash": "93266367517326608161691915619165762338",
            "length": 1044.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-b27e3449",
        "target": {
            "function": "get",
            "file": "server/src/main/java/org/elasticsearch/transport/OutboundHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "162050827738953687625053886561813599577",
            "length": 306.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-ba6d4b07",
        "target": {
            "function": "channelWritabilityChanged",
            "file": "modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4MessageChannelHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "25120119939487260699997141316990885547",
            "length": 219.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-bfe9b676",
        "target": {
            "file": "server/src/main/java/org/elasticsearch/transport/TcpChannel.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "124982783233050365039244866866687715483",
                "225657467226074892225735049170608687079",
                "320981347395236222008154406429365245886",
                "339408002039811103151825108733862834892",
                "88847034849328777541847135349427160706",
                "129447051019843016739626797299516295584"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-c849b344",
        "target": {
            "file": "test/framework/src/main/java/org/elasticsearch/transport/FakeTcpChannel.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "222096667891539953803118477699998499579",
                "131086512625745271931426320746352374304",
                "51956257996449849865719975550051518702",
                "306980260643322676876334173408883759940",
                "151751080685751592014915569239523933250",
                "169809815617656941175897165481206929344",
                "69815953831991440484963898283597145608",
                "193515289639143137386376666582028032511",
                "47235216135140606831883702320832759587",
                "14888188992725909674276508844005275585",
                "72030622998024224673292933158942176153",
                "178706368873320086044982290880273016195",
                "310286195895906033139383561206928033671",
                "141736495400835038905817501433607549816",
                "200075451359482752348980288513123477970"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2020-7021-c970709b",
        "target": {
            "function": "sendMessage",
            "file": "plugins/transport-nio/src/main/java/org/elasticsearch/transport/nio/NioTcpChannel.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "327782705255806138456798599921439707304",
            "length": 244.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-7021-e8582fc5",
        "target": {
            "function": "buffer",
            "file": "modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4MessageChannelHandler.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/elastic/elasticsearch/commit/51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
        "digest": {
            "function_hash": "226757396340553433886291323903649934368",
            "length": 177.0
        },
        "signature_type": "Function"
    }
]