Design/Logic Flaw

2019-08-1221:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.

CPENameOperatorVersion
search_guardlt24.0

CPE	Name	Operator	Version
	search_guard	lt	24.0

References

docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0

search-guard.com/cve-advisory/