The host is installed with Elasticsearch before 6.8.2 and 7.x before 7.2.1 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to handle an issue in response headers. Successful exploitation could allow attackers to gain access to response header containing sensitive data from another user.