Candidate: CVE-2020-7021
PublicDate: 2021-02-10 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7021
 https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
Description:
 Elasticsearch versions before 7.10.0 and 6.8.14 have an information
 disclosure issue when audit logging and the emit_request_body option is
 enabled. The Elasticsearch audit log could contain sensitive information
 such as password hashes or authentication tokens. This could allow an
 Elasticsearch administrator to view these details.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N [4.9 MEDIUM]


Patches_elasticsearch:
upstream_elasticsearch: needs-triage
precise/esm_elasticsearch: DNE
trusty_elasticsearch: ignored (out of standard support)
trusty/esm_elasticsearch: DNE
xenial_elasticsearch: ignored (end of standard support, was needs-triage)
bionic_elasticsearch: DNE
focal_elasticsearch: DNE
groovy_elasticsearch: DNE
hirsute_elasticsearch: DNE
impish_elasticsearch: DNE
jammy_elasticsearch: DNE
devel_elasticsearch: DNE