Miggo Logo

CVE-2018-17244: Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

6.5

CVSS Score
3.0

Basic Information

EPSS Score
0.70085%
Published
5/13/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.elasticsearch:elasticsearchmaven>= 6.4.0, <= 6.4.26.4.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper thread context handling during concurrent authentication operations. The patches focus on adding ContextPreservingActionListener wrappers and thread context parameters to asynchronous operations. The identified functions directly handle authentication flow control (AuthenticationService), user lookup/credential caching (CachingUsernamePasswordRealm), and asynchronous callback management (ListenableFuture). These were vulnerable because they processed multiple concurrent requests without properly isolating thread contexts, allowing header/credential mixups. The patch evidence shows direct modifications to add context preservation in these specific code paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*l*sti*s**r** S**urity v*rsions *.*.* to *.*.* *ont*in *n *rror in t** w*y r*qu*st *****rs *r* *ppli** to r*qu*sts w**n usin* t** **tiv* *ir**tory, L**P, N*tiv*, or *il* r**lms. * r*qu*st m*y r***iv* *****rs int*n*** *or *not**r r*qu*st i* t** s*m* u

Reasoning

T** vuln*r**ility st*ms *rom improp*r t*r*** *ont*xt **n*lin* *urin* *on*urr*nt *ut**nti**tion op*r*tions. T** p*t***s *o*us on ***in* `*ont*xtPr*s*rvin***tionList*n*r` wr*pp*rs *n* t*r*** *ont*xt p*r*m*t*rs to *syn**ronous op*r*tions. T** i**nti*i**