GHSA-jqm6-m3j3-8gg9

Suggest an improvement
Source
https://github.com/advisories/GHSA-jqm6-m3j3-8gg9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jqm6-m3j3-8gg9/GHSA-jqm6-m3j3-8gg9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jqm6-m3j3-8gg9
Aliases
Published
2022-05-24T16:51:49Z
Modified
2024-02-20T05:34:42.806954Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch
Details

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.

References

Affected packages

Maven / org.elasticsearch:elasticsearch

Package

Name
org.elasticsearch:elasticsearch
View open source insights on deps.dev
Purl
pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.8.2

Affected versions

0.*

0.6.0
0.7.0
0.7.1
0.8.0
0.9.0
0.10.0
0.11.0
0.12.0
0.12.1
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.17.8
0.17.9
0.17.10
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.18.5
0.18.6
0.18.7
0.19.0.RC1
0.19.0.RC2
0.19.0.RC3
0.19.0
0.19.1
0.19.2
0.19.3
0.19.4
0.19.5
0.19.6
0.19.7
0.19.8
0.19.9
0.19.10
0.19.11
0.19.12
0.20.0.RC1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.20.6
0.90.0.Beta1
0.90.0.RC1
0.90.0.RC2
0.90.0
0.90.1
0.90.2
0.90.3
0.90.4
0.90.5
0.90.6
0.90.7
0.90.8
0.90.9
0.90.10
0.90.11
0.90.12
0.90.13

1.*

1.0.0.Beta1
1.0.0.Beta2
1.0.0.RC1
1.0.0.RC2
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0.Beta1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6

2.*

2.0.0-beta1
2.0.0-beta2
2.0.0-rc1
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6

5.*

5.0.0-alpha1
5.0.0-alpha2
5.0.0-alpha3
5.0.0-alpha4
5.0.0-alpha5
5.0.0-beta1
5.0.0-rc1
5.0.0
5.0.1
5.0.2
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.5.2
5.5.3
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.6.6
5.6.7
5.6.8
5.6.9
5.6.10
5.6.11
5.6.12
5.6.13
5.6.14
5.6.15
5.6.16

6.*

6.0.0-alpha1
6.0.0-alpha2
6.0.0-beta1
6.0.0-beta2
6.0.0-rc1
6.0.0-rc2
6.0.0
6.0.1
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.3.0
6.3.1
6.3.2
6.4.0
6.4.1
6.4.2
6.4.3
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.6.0
6.6.1
6.6.2
6.7.0
6.7.1
6.7.2
6.8.0
6.8.1

Maven / org.elasticsearch:elasticsearch

Package

Name
org.elasticsearch:elasticsearch
View open source insights on deps.dev
Purl
pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.2.1

Affected versions

7.*

7.0.0
7.0.1
7.1.0
7.1.1
7.2.0