What the vulnerability does

01Description

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.

Key dates

02Disclosure timeline

July 30, 2019 CVE published
August 4, 2024 Record updated