6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-17244

GHSA ID

GHSA-vpqm-88c4-x4cv

EPSS Score

0.70085%

CWE

CWE-200

Published

5/13/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-17244

CVE-2018-17244:
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.

(GitHub Advisory)

6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-17244

GHSA ID

GHSA-vpqm-88c4-x4cv

EPSS Score

0.70085%

CWE

CWE-200

Published

5/13/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.elasticsearch:elasticsearch	maven	>= 6.4.0, <= 6.4.2	6.4.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper thread context handling during concurrent authentication operations. The patches focus on adding ContextPreservingActionListener wrappers and thread context parameters to asynchronous operations. The identified functions directly handle authentication flow control (AuthenticationService), user lookup/credential caching (CachingUsernamePasswordRealm), and asynchronous callback management (ListenableFuture). These were vulnerable because they processed multiple concurrent requests without properly isolating thread contexts, allowing header/credential mixups. The patch evidence shows direct modifications to add context preservation in these specific code paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*l*sti*s**r** S**urity v*rsions *.*.* to *.*.* *ont*in *n *rror in t** w*y r*qu*st *****rs *r* *ppli** to r*qu*sts w**n usin* t** **tiv* *ir**tory, L**P, N*tiv*, or *il* r**lms. * r*qu*st m*y r***iv* *****rs int*n*** *or *not**r r*qu*st i* t** s*m* u

Reasoning

T** vuln*r**ility st*ms *rom improp*r t*r*** *ont*xt **n*lin* *urin* *on*urr*nt *ut**nti**tion op*r*tions. T** p*t***s *o*us on ***in* `*ont*xtPr*s*rvin***tionList*n*r` wr*pp*rs *n* t*r*** *ont*xt p*r*m*t*rs to *syn**ronous op*r*tions. T** i**nti*i**

6.5

Basic Information

Concerned about an active attack path?

CVE-2018-17244: Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-17244:
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

Vulnerability Intelligence
Miggo AI