
CVE-2020-7021: Insertion of Sensitive Information into Log File in Elasticsearch

CVSS Score: 4.9 (CVSS v3.1)

Basic Information

EPSS Score: 0.60567%
Published: 5/24/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

| Package Name                    | Ecosystem | Vulnerable Versions  | First Patched Version |
|---------------------------------|-----------|----------------------|-----------------------|
| org.elasticsearch:elasticsearch | maven     | <= 6.8.13            | 6.8.14                |
| org.elasticsearch:elasticsearch | maven     | >= 7.0.0, <= 7.0.9   | 7.10.0                |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability explicitly relates to audit logging with the emit_request_body option enabled. These functions are core components of Elasticsearch's audit logging system that handle inclusion of the request body in audit records. The CWE-532 classification confirms this is a sensitive-data-in-log-file issue. While the exact code isn't available, Elasticsearch's architecture documentation and security advisories indicate that these components manage request body logging; the patched versions likely added filtering in these functions.

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentica
