Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.elasticsearch/elasticsearch@5.6.12

Type maven

Namespace org.elasticsearch

Name elasticsearch

Version 5.6.12

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 5.6.15

Latest_non_vulnerable_version 9.2.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-twqd-xebv-c3az

vulnerability_id VCID-twqd-xebv-c3az

summary

Exposure of Sensitive Information to an Unauthorized Actor
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-3831

reference_id

reference_type

scores

value	0.00817
scoring_system	epss
scoring_elements	0.74649
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-3831

reference_url	https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035
reference_id
reference_type
scores
url	https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035

reference_url	https://www.elastic.co/community/security
reference_id
reference_type
scores
url	https://www.elastic.co/community/security

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-3831
reference_id	CVE-2018-3831
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-3831

reference_url

https://github.com/advisories/GHSA-r9fv-qpm9-rj4g

reference_id

GHSA-r9fv-qpm9-rj4g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r9fv-qpm9-rj4g

fixed_packages

url	pkg:maven/org.elasticsearch/elasticsearch@5.6.12
purl	pkg:maven/org.elasticsearch/elasticsearch@5.6.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@5.6.12

url	pkg:maven/org.elasticsearch/elasticsearch@6.4.1
purl	pkg:maven/org.elasticsearch/elasticsearch@6.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.4.1

aliases CVE-2018-3831, GHSA-r9fv-qpm9-rj4g

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twqd-xebv-c3az

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@5.6.12

Package Instance