Описание
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 24.0 (исключая)
cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00203
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
CWE-200
Связанные уязвимости
CVSS3: 4.3
redhat
больше 6 лет назад
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
CVSS3: 5.3
github
больше 3 лет назад
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
EPSS
Процентиль: 42%
0.00203
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
CWE-200