CNNVD-202510-1472 Information
CNNVD ID
CNNVD-202510-1472
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
Elastic Elasticsearch是荷兰Elastic公司的一个基于Lucene库的搜索引擎。 Elastic Elasticsearch存在安全漏洞,该漏洞源于在特定条件下审计请求时会将敏感信息插入日志文件,可能导致信息泄露。
Description (English)
Elasticsearch is a search engine based on the Lucene bank of the Netherlands company Elastic. Elastic Elasticsearch has a security loophole, which stems from the fact that sensitive information is inserted into log files when a request is audited under certain conditions, which may lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Elastic
Published
2025-10-10
Last Modified
2026-02-24
References
https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453 https://vigilance.fr/vulnerability/Elasticsearch-logged-sensitive-information-via-Reindex-API-48404 https://access.redhat.com/security/cve/cve-2025-37727
Patch
https://www.elastic.co/elasticsearch/
Share on: