Bug 2254251 (CVE-2023-49921)
| Summary: | CVE-2023-49921 elasticsearch: Insertion of Sensitive Information into Log File | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bdettelb, eglynn, jcantril, jjoyce, jschluet, lhh, lsvaty, mburns, mgarciac, mmagr, pgrist |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Elasticsearch. Watcher search input is logged in the search query results when using the DEBUG log level, which could lead to excessive logging of unnecessary and unauthorized content.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2254252, 2254253 | ||
| Bug Blocks: | 2254246 | ||
|
Description
Patrick Del Bello
2023-12-12 20:52:59 UTC
|