CVE-2020-7019

Опубликовано: 18 авг. 2020

Источник: redhat

CVSS3: 5.3

Описание

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Decision Manager 7	elasticsearch	Not affected
Red Hat Fuse 7	elasticsearch	Not affected
Red Hat JBoss Fuse 6	elasticsearch	Not affected
Red Hat OpenShift Container Platform 3.11	openshift3/ose-logging-elasticsearch5	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-logging-elasticsearch5	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-logging-elasticsearch6	Not affected
Red Hat Process Automation 7	elasticsearch	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-270

https://bugzilla.redhat.com/show_bug.cgi?id=1870346elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2020-7019

CVSS3: 6.5

ubuntu

больше 5 лет назад

CVE-2020-7019

CVSS3: 6.5

nvd

больше 5 лет назад

CVE-2020-7019

CVSS3: 6.5

msrc

около 4 лет назад

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

CVE-2020-7019

CVSS3: 6.5

debian

больше 5 лет назад

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...

GHSA-c77j-p484-h84m

CVSS3: 6.5

github

больше 3 лет назад

Improper privilege management in elasticsearch

5.3 Medium

CVSS3