Description
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | openshift-elasticsearch-plugin | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.9 | openshift-elasticsearch-plugin | Not affected | | |
| Red Hat OpenShift Container Platform 3.9 | search-guard-2 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch5 | Fix deferred | | |
Additional information
Status:
Low
Defect:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1749222 search-guard: information disclosure in field level security (FLS)
EPSS
Percentile: 42%
0.00203
Low
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.3
nvd
more than 6 years ago
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
CVSS3: 5.3
github
more than 3 years ago
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.