|Category:||Web application abuses|
|Title:||Elasticsearch '_snapshot API' Information Disclosure Vulnerability (Windows)|
|Summary:||This host is running Elasticsearch and is prone; to information disclosure vulnerability.|
This host is running Elasticsearch and is prone
to information disclosure vulnerability.
The flaw is due to an error when access_key
and security_key parameters are set via the '_snapshot' API.
Successful exploitation will allows remote
attackers to query the _snapshot API and leak sensitive information.
Elasticsearch versions 6.0.0-beta1 to 6.2.4 on Windows.
Upgrade to Elasticsearch version 6.3.0 or
later. For updates refer to Reference links.
Common Vulnerability Exposure (CVE) ID: CVE-2018-3826|
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.