🔎 Open source distributed and RESTful search engine.
jaymode 32af9610dd do not use the cache methods for loading entries into the user cache
The cache provides a get method with a callable to load the value into the cache. Our callable
performs authentication and then returns a value. The issue with this is that the cache will queue
concurrent calls if a value is already being loaded and return the result to all callers. This is
problematic since the key is only the username and we do not validate the credentials as part of
the get call. This means it is possible for valid credentials to be returned a null user and authentication
fails.

Additionally, another variant exists where it is possible for invalid credentials to be returned a valid
user, which allows an attacker to gain access by only knowing a username and issuing a large number
of concurrent requests.

Closes elastic/elasticsearch#860

Original commit: elastic/x-pack-elasticsearch@3d122d3bbb
2015-10-26 09:44:00 -04:00
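
The race described in the commit message above, as an added example: it is a simplified Python model, not the Shield code or the cache library the project used. `LoadingCache`, `Realm`, `vulnerable`, `hardened` and `race` are hypothetical names, the user store is constructed sample data, and SHA-256 stands in for a real password hash.

```python
import hashlib, hmac, threading
from concurrent.futures import Future, ThreadPoolExecutor

def digest(pw):  # stand-in for a real password hash such as bcrypt
    return hashlib.sha256(pw.encode()).hexdigest()
USERS = {"alice": digest("correct-horse")}  # constructed sample user store

class Realm:
    """Slow credential check; entered/gate hold one check in flight for the demo."""
    def __init__(self):
        self.entered, self.gate = threading.Event(), threading.Event()
    def check(self, user, pw):
        self.entered.set()
        self.gate.wait(5)
        return user if hmac.compare_digest(USERS.get(user, ""), digest(pw)) else None

class LoadingCache:
    """Hypothetical cache whose get() coalesces concurrent loads of one key."""
    def __init__(self):
        self.entries = {}
    def get(self, key, loader):
        mine = Future()
        fut = self.entries.setdefault(key, mine)  # atomic in CPython
        if fut is mine:
            fut.set_result(loader())  # only the first caller's loader runs
        return fut.result()           # every caller receives that one result

def vulnerable(cache, realm, user, pw):
    # Key is the username only: a joining caller's password is never checked.
    return cache.get(user, lambda: realm.check(user, pw))

def hardened(cache, realm, user, pw):
    entry = cache.entries.get(user)   # plain lookup, no loading callable
    if entry and hmac.compare_digest(entry[1], digest(pw)):
        return entry[0]
    found = realm.check(user, pw)     # each caller verifies its own credentials
    if found:
        cache.entries[user] = (found, digest(pw))
    return found

def race(auth, first_pw, second_pw):
    """Result of a second 'alice' login that arrives while the first is in flight."""
    cache, realm = LoadingCache(), Realm()
    with ThreadPoolExecutor(2) as pool:
        pool.submit(auth, cache, realm, "alice", first_pw)
        realm.entered.wait(5)         # the first credential check is now running
        second = pool.submit(auth, cache, realm, "alice", second_pw)
        realm.gate.set()
        return second.result()
```

With `vulnerable`, the second caller inherits the first caller's outcome in both directions; with `hardened`, each outcome depends only on the password that caller presented.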
marvel Marvel: Remove snapshot condition in HttpExporter 2015-10-26 13:44:02 +01:00
qa Changed the Marvel module name to Marvel Agent 2015-10-21 14:03:23 +02:00
shield do not use the cache methods for loading entries into the user cache 2015-10-26 09:44:00 -04:00
watcher Watcher Docs: Fixed messed up cross document links. 2015-10-21 14:29:23 -07:00
x-dev-tools Bumped the version to 3.0.0-SNAPSHOT 2015-09-04 16:30:11 +02:00
LICENSE.txt Initial X-Pack commit 2018-04-20 14:16:58 -07:00
README.asciidoc Update README.asciidoc 2015-07-17 19:01:46 +02:00
pom.xml use a released version of attached-artifact-enforcer instead of snapshot 2015-09-16 09:21:38 -04:00

README.asciidoc

= Elasticsearch X Plugins

A set of Elastic's commercial plugins:

- License
- Shield
- Watcher
- Marvel