VYPR
Medium severity5.3NVD Advisory· Published Oct 30, 2019· Updated Jun 17, 2026

CVE-2019-7619

CVE-2019-7619

Description

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.elasticsearch:elasticsearchMaven
>= 6.7.0, < 6.8.46.8.4
org.elasticsearch:elasticsearchMaven
>= 7.0.0, < 7.4.07.4.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.