Description
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
Scores
CVSS v3
5.7
EPSS
0.0002
EPSS Percentile
5.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (2)
elastic/elasticsearch
7.0.0 - 7.17.29
org.elasticsearch/elasticsearch
7.0.0 - 8.18.8Maven
Published
Oct 10, 2025
Tracked Since
Feb 18, 2026