Loading...

XML

Word

Printable

Details

Type: Improvement
Resolution: Fixed
Priority: Major
Fix Version/s: 4.3.0, 4.2.12
Affects Version/s: None
Security Level: Public
Labels:
None

Story Points:
1

Description

Versions of Elasticsearch between 7.10.0 and 7.13.3 inclusive have a bug that can cause user credentials to appear in indexing failure messages (CVE-2021-22145, fixed in Elasticsearch 7.13.4).

The connector logs indexing failure messages, and also writes them to the "redaction log" elasticsearch index. In order to mitigate the Elasticsearch CVE, redact failure messages that look like they might contain sensitive information.

Attachments

Issue Links

links to

Elasticsearch CVE-2021-22145

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: David Nault

Reporter:: David Nault

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15/Jul/21 2:55 PM

Updated:: 02/Aug/21 8:07 AM

Resolved:: 16/Jul/21 1:19 AM

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

CBES-213 Sanitize Elasticsearch failure messages: Gerrit Review:

CBES-213 Sanitize Elasticsearch failure messages: Gerrit Review:

Details

Description

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty