Описание
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | openshift-elasticsearch-plugin | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.9 | openshift-elasticsearch-plugin | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.9 | search-guard-2 | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch5 | Fix deferred |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1758535search-guard: authenticated users can gain read access to data they are not authorized to see
EPSS
Процентиль: 42%
0.00204
Низкий
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
больше 6 лет назад
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
github
больше 3 лет назад
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
EPSS
Процентиль: 42%
0.00204
Низкий
4.3 Medium
CVSS3