CVE-2018-17244: Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVSS Score: 6.5 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.70085%
CWE
Published: 5/13/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.elasticsearch:elasticsearch | maven | >= 6.4.0, <= 6.4.2 | 6.4.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper thread context handling during concurrent authentication operations. The patches focus on adding `ContextPreservingActionListener` wrappers and thread context parameters to asynchronous operations. The identified functions directly handle authentication flow control (`AuthenticationService`), user lookup/credential caching (`CachingUsernamePasswordRealm`), and asynchronous callback management (`ListenableFuture`). These were vulnerable because they processed multiple concurrent requests without properly isolating thread contexts, allowing header/credential mixups. The patch evidence shows direct modifications to add context preservation in these specific code paths.
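
The class of bug described above, as an added illustration that is not Elasticsearch code: a callback registered by one request runs on the thread that completes a shared future and therefore sees that thread's context unless a wrapper captures and restores the registering thread's context. `REQUEST_USER`, `SimpleListenableFuture` and `preserveContext` are hypothetical simplifications, and the user names are constructed sample values.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;

public class ContextLeakDemo {
    // Hypothetical stand-in for per-request thread context (not Elasticsearch's own class).
    static final ThreadLocal<String> REQUEST_USER = new ThreadLocal<>();
    // Minimal listenable future: queued listeners run on whichever thread completes it.
    static class SimpleListenableFuture<T> {
        private final List<Consumer<T>> listeners = new ArrayList<>();
        private T value; private boolean done;
        synchronized void addListener(Consumer<T> l) { if (done) l.accept(value); else listeners.add(l); }
        void complete(T v) {
            List<Consumer<T>> toRun;
            synchronized (this) { value = v; done = true; toRun = new ArrayList<>(listeners); listeners.clear(); }
            toRun.forEach(l -> l.accept(v));
        }
    }
    // Capture the registering thread's context, restore it around the callback,
    // then put the running thread's own context back.
    static <T> Consumer<T> preserveContext(Consumer<T> delegate) {
        final String captured = REQUEST_USER.get();
        return v -> {
            String previous = REQUEST_USER.get();
            REQUEST_USER.set(captured);
            try { delegate.accept(v); } finally { REQUEST_USER.set(previous); }
        };
    }
    // Returns the user that request A's callback observed when request B completed the shared future.
    static String run(boolean preserve) throws InterruptedException {
        SimpleListenableFuture<String> lookup = new SimpleListenableFuture<>();
        String[] seen = new String[1];
        Thread requestA = new Thread(() -> {
            REQUEST_USER.set("alice"); // constructed sample user
            Consumer<String> onResult = r -> seen[0] = REQUEST_USER.get();
            lookup.addListener(preserve ? preserveContext(onResult) : onResult);
        });
        requestA.start(); requestA.join();
        Thread requestB = new Thread(() -> {
            REQUEST_USER.set("bob"); // constructed sample user
            lookup.complete("constructed-lookup-result");
        });
        requestB.start(); requestB.join();
        return seen[0];
    }
    public static void main(String[] args) throws InterruptedException {
        System.out.println("unwrapped listener ran as: " + run(false));
        System.out.println("wrapped listener ran as:   " + run(true));
    }
}
```

When reviewing similar code, check every listener handed to a shared future or cache entry: any that reads thread-local request state without such a wrapper is a candidate for the same mixup.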