CVE-2020-7021

CVE-2020-7021

Vendor Elastic
Product Elasticsearch
Weakness CWE-532 · Sensitive info in logs
Published February 10, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

Key dates

02Disclosure timeline

February 10, 2021 CVE published
August 4, 2024 Record updated