5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.4%
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1
search-guard.com/cve-advisory/
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt