Description
Versions of Elasticsearch between 7.10.0 and 7.13.3 inclusive have a bug that can cause user credentials to appear in indexing failure messages (CVE-2021-22145, fixed in Elasticsearch 7.13.4).
The connector logs indexing failure messages, and also writes them to the "redaction log" elasticsearch index. In order to mitigate the Elasticsearch CVE, redact failure messages that look like they might contain sensitive information.
Attachments
Issue Links
- links to