Lucene search
ElasticCVELIST:CVE-2019-7611HistoryMar 25, 2019 - 6:34 p.m.
CVE-2019-7611
2019-03-2518:34:06
CWE-284
elastic
www.cve.org
1
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
CNA Affected
[
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.15 and 6.6.1"
}
]
}
]Related
nessus
nessus
Elasticsearch ESA-2019-04
2019-03-20 00:00:00
Photon OS 2.0: Elasticsearch PHSA-2019-2.0-0155
2019-05-15 00:00:00
osv
osv
Improper Access Control in Elasticsearch
2022-05-13 01:14:26
CVE-2019-7611
2019-03-25 19:29:02
cve
cve
CVE-2019-7611
2019-03-25 19:29:02
veracode
veracode
Privilege Escalation
2019-07-08 16:20:35
archlinux
archlinux
[ASA-201902-27] elasticsearch: privilege escalation
2019-02-25 00:00:00
github
github
Improper Access Control in Elasticsearch
2022-05-13 01:14:26
nvd
nvd
CVE-2019-7611
2019-03-25 19:29:02
redhatcve
redhatcve
CVE-2019-7611
2019-04-04 04:19:45
ubuntucve
ubuntucve
CVE-2019-7611
2019-03-25 00:00:00
openvas
openvas
prion
prion
Design/Logic Flaw
2019-03-25 19:29:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0225
2019-04-19 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0155
2019-04-29 00:00:00
Critical Photon OS Security Update - PHSA-2019-0225
2019-04-19 00:00:00
ibm
ibm
redhat
redhat