Описание
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | openshift-elasticsearch-plugin | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.9 | openshift-elasticsearch-plugin | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.9 | search-guard-2 | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch5 | Fix deferred |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1758313search-guard: authenticated users ignoring their roles on the remote cluster
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
больше 6 лет назад
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
github
больше 3 лет назад
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
5.3 Medium
CVSS3