Bug 2403034 (CVE-2025-37727)
| Summary: | CVE-2025-37727 org.elasticsearch/elasticsearch-core: Elasticsearch Insertion of sensitive information in log file | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, brian.stansberry, darran.lofthouse, dkreling, dosoudil, gmalinko, istudens, ivassile, iweiss, janstey, jcantril, mosmerov, msochure, msvehla, nwallace, pdelbell, pesilva, pjindal, pmackay, rojacob, rstancel, rstepani, smaestri, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A lack of log sanitization has been discovered in Elasticsearch. This issue arises under specific preconditions when auditing requests to the reindex API. Users of affected versions should inspect their logs if they are concerned about confidentiality loss.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-10-10 10:01:19 UTC
|