Vulnerable Libraries - elasticsearch-6.3.2.jar, elasticsearch-2.0.0.jar, elasticsearch-2.4.6.jar, elasticsearch-6.4.3.jar, elasticsearch-2.2.0.jar, elasticsearch-6.0.0.jar, elasticsearch-7.0.0.jar, elasticsearch-6.4.0.jar, elasticsearch-5.0.0.jar, elasticsearch-5.6.16.jar, elasticsearch-5.5.0.jar, elasticsearch-5.3.0.jar
elasticsearch-6.3.2.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-5/rest-5.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.3.2/1b4b423e654d5ec6eef747ee29baf2bf1def1c7b/elasticsearch-6.3.2.jar
Dependency Hierarchy:
- ❌ elasticsearch-6.3.2.jar (Vulnerable Library)
elasticsearch-2.0.0.jar
Elasticsearch - Open Source, Distributed, RESTful Search Engine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/parent/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.0.0/a1189b6b207fda733044b4f0d766ff04103d0b81/elasticsearch-2.0.0.jar,/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.0.0/a1189b6b207fda733044b4f0d766ff04103d0b81/elasticsearch-2.0.0.jar
Dependency Hierarchy:
- ❌ elasticsearch-2.0.0.jar (Vulnerable Library)
elasticsearch-2.4.6.jar
Elasticsearch - Open Source, Distributed, RESTful Search Engine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/parent/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.4.6/d2954e1173a608a9711f132d1768a676a8b1fb81/elasticsearch-2.4.6.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.4.6/d2954e1173a608a9711f132d1768a676a8b1fb81/elasticsearch-2.4.6.jar
Dependency Hierarchy:
- ❌ elasticsearch-2.4.6.jar (Vulnerable Library)
elasticsearch-6.4.3.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-6/transport-6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.4.3/2fea9b67907d868a07c94d92f7c31b260b1095e6/elasticsearch-6.4.3.jar
Dependency Hierarchy:
- transport-6.4.3.jar (Root Library)
- ❌ elasticsearch-6.4.3.jar (Vulnerable Library)
elasticsearch-2.2.0.jar
Elasticsearch - Open Source, Distributed, RESTful Search Engine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/parent/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.2.0/9b4096cb3b175d0d3a643b70fe95b6a1c8e48553/elasticsearch-2.2.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.2.0/9b4096cb3b175d0d3a643b70fe95b6a1c8e48553/elasticsearch-2.2.0.jar
Dependency Hierarchy:
- ❌ elasticsearch-2.2.0.jar (Vulnerable Library)
elasticsearch-6.0.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-6/transport-6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.0.0/5b88a93549c5082c3c500feab846d0f71da50a58/elasticsearch-6.0.0.jar
Dependency Hierarchy:
- transport-6.0.0.jar (Root Library)
- ❌ elasticsearch-6.0.0.jar (Vulnerable Library)
elasticsearch-7.0.0.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-7/rest-7.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/7.0.0/3e6ef8fae91364f7a5e182f71866c361da2b0692/elasticsearch-7.0.0.jar
Dependency Hierarchy:
- ❌ elasticsearch-7.0.0.jar (Vulnerable Library)
elasticsearch-6.4.0.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-6.4/rest-6.4.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.4.0/e14f124c6b7cfc93aa5e5c7f616df4f06c0f7c99/elasticsearch-6.4.0.jar
Dependency Hierarchy:
- ❌ elasticsearch-6.4.0.jar (Vulnerable Library)
elasticsearch-5.0.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-5/rest-5.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.0.0/3925b82e256d59b36d96f0b3ffaae4e73706cbdb/elasticsearch-5.0.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.0.0/3925b82e256d59b36d96f0b3ffaae4e73706cbdb/elasticsearch-5.0.0.jar
Dependency Hierarchy:
- ❌ elasticsearch-5.0.0.jar (Vulnerable Library)
elasticsearch-5.6.16.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.6.16/93b90f1305bd945d8b9322c902af6515b63011b8/elasticsearch-5.6.16.jar
Dependency Hierarchy:
- transport-netty3-client-5.6.16.jar (Root Library)
- ❌ elasticsearch-5.6.16.jar (Vulnerable Library)
elasticsearch-5.5.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.5.0/53060a2e2373158645f0c42c51996af4914eedd7/elasticsearch-5.5.0.jar
Dependency Hierarchy:
- spring-data-elasticsearch-3.0.0.RELEASE.jar (Root Library)
- ❌ elasticsearch-5.5.0.jar (Vulnerable Library)
elasticsearch-5.3.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.3.0/f42e60773fa004188020327fcfbd5b946f9834c6/elasticsearch-5.3.0.jar
Dependency Hierarchy:
- transport-5.3.0.jar (Root Library)
- ❌ elasticsearch-5.3.0.jar (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614
Release Date: 2019-07-30
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.elasticsearch.client:transport): 6.8.2
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.elasticsearch.client:transport): 6.8.2
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.springframework.data:spring-data-elasticsearch): 3.2.1.RELEASE
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.elasticsearch.client:transport): 6.8.2
CVE-2019-7614 - Medium Severity Vulnerability
elasticsearch-6.3.2.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-5/rest-5.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.3.2/1b4b423e654d5ec6eef747ee29baf2bf1def1c7b/elasticsearch-6.3.2.jar
Dependency Hierarchy:
elasticsearch-2.0.0.jar
Elasticsearch - Open Source, Distributed, RESTful Search Engine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/parent/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.0.0/a1189b6b207fda733044b4f0d766ff04103d0b81/elasticsearch-2.0.0.jar,/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.0.0/a1189b6b207fda733044b4f0d766ff04103d0b81/elasticsearch-2.0.0.jar
Dependency Hierarchy:
elasticsearch-2.4.6.jar
Elasticsearch - Open Source, Distributed, RESTful Search Engine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/parent/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.4.6/d2954e1173a608a9711f132d1768a676a8b1fb81/elasticsearch-2.4.6.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.4.6/d2954e1173a608a9711f132d1768a676a8b1fb81/elasticsearch-2.4.6.jar
Dependency Hierarchy:
elasticsearch-6.4.3.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-6/transport-6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.4.3/2fea9b67907d868a07c94d92f7c31b260b1095e6/elasticsearch-6.4.3.jar
Dependency Hierarchy:
elasticsearch-2.2.0.jar
Elasticsearch - Open Source, Distributed, RESTful Search Engine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/parent/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.2.0/9b4096cb3b175d0d3a643b70fe95b6a1c8e48553/elasticsearch-2.2.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/2.2.0/9b4096cb3b175d0d3a643b70fe95b6a1c8e48553/elasticsearch-2.2.0.jar
Dependency Hierarchy:
elasticsearch-6.0.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-6/transport-6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.0.0/5b88a93549c5082c3c500feab846d0f71da50a58/elasticsearch-6.0.0.jar
Dependency Hierarchy:
elasticsearch-7.0.0.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-7/rest-7.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/7.0.0/3e6ef8fae91364f7a5e182f71866c361da2b0692/elasticsearch-7.0.0.jar
Dependency Hierarchy:
elasticsearch-6.4.0.jar
Elasticsearch subproject :server
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-6.4/rest-6.4.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/6.4.0/e14f124c6b7cfc93aa5e5c7f616df4f06c0f7c99/elasticsearch-6.4.0.jar
Dependency Hierarchy:
elasticsearch-5.0.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/rest-5/rest-5.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.0.0/3925b82e256d59b36d96f0b3ffaae4e73706cbdb/elasticsearch-5.0.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.0.0/3925b82e256d59b36d96f0b3ffaae4e73706cbdb/elasticsearch-5.0.0.jar
Dependency Hierarchy:
elasticsearch-5.6.16.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.6.16/93b90f1305bd945d8b9322c902af6515b63011b8/elasticsearch-5.6.16.jar
Dependency Hierarchy:
elasticsearch-5.5.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.5.0/53060a2e2373158645f0c42c51996af4914eedd7/elasticsearch-5.5.0.jar
Dependency Hierarchy:
elasticsearch-5.3.0.jar
Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.elasticsearch/elasticsearch/5.3.0/f42e60773fa004188020327fcfbd5b946f9834c6/elasticsearch-5.3.0.jar
Dependency Hierarchy:
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.
Publish Date: 2019-07-30
URL: CVE-2019-7614
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614
Release Date: 2019-07-30
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.elasticsearch.client:transport): 6.8.2
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.elasticsearch.client:transport): 6.8.2
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.springframework.data:spring-data-elasticsearch): 3.2.1.RELEASE
Fix Resolution (org.elasticsearch:elasticsearch): 6.8.2
Direct dependency fix Resolution (org.elasticsearch.client:transport): 6.8.2
⛑️ Automatic Remediation is available for this issue