Описание
In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.
EPSS
Процентиль: 15%
0.00047
Низкий
Дефекты
CWE-200
Связанные уязвимости
github
3 месяца назад
In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is trigged from a Signal's watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.
EPSS
Процентиль: 15%
0.00047
Низкий
Дефекты
CWE-200