PT-2019-18666 · Elastic · Elasticsearch

Published: 2019-07-30 · Updated: 2023-03-03 · CVE-2019-7614

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Elasticsearch versions prior to 7.2.1
Elasticsearch versions prior to 6.8.2

Description

A race condition flaw was found in the response headers returned by Elasticsearch. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response headers containing sensitive data from another user.

Recommendations

For Elasticsearch versions prior to 7.2.1, update to version 7.2.1 or later to resolve the issue.
For Elasticsearch versions prior to 6.8.2, update to version 6.8.2 or later to resolve the issue.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2019-7614
GHSA-JQM6-M3J3-8GG9

Affected Products

Elasticsearch