Vulnerability	Vulnerable Version
M Insertion of Sensitive Information into Log File org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture confidential data during request processing. How to fix Insertion of Sensitive Information into Log File? Upgrade `org.elasticsearch:elasticsearch` to version 8.18.7, 8.19.5, 9.0.8, 9.1.5 or higher.	[,8.18.7)[8.19.0,8.19.5)[9.0.0-beta1,9.0.8)[9.1.0,9.1.5)

Insertion of Sensitive Information into Log File

org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture confidential data during request processing.

How to fix Insertion of Sensitive Information into Log File?

Upgrade org.elasticsearch:elasticsearch to version 8.18.7, 8.19.5, 9.0.8, 9.1.5 or higher.

[,8.18.7)[8.19.0,8.19.5)[9.0.0-beta1,9.0.8)[9.1.0,9.1.5)

Go back to all versions of this package