CVE-2019-7619 - AskarLabs CVE Database

CVE-2019-7619

Vendor Elastic

Product Elasticsearch

Weakness CWE-200 · Info exposure

Published October 30, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

Key dates

02Disclosure timeline

October 30, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-7619 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages CVE-2024-46979 Data leak of notification filters of users in XWiki Platform CVE-2020-8316 CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor CVE-2026-6346 Sensitive credentials exposed in plaintext in Mattermost support packets