Lucene search
Redhat.comRH:CVE-2019-7611HistoryApr 04, 2019 - 4:19 a.m.
CVE-2019-7611
2019-04-0404:19:45
redhat.com
access.redhat.com
11
0.002 Low
EPSS
Percentile
64.7%
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
Related
nessus
nessus
Photon OS 2.0: Elasticsearch PHSA-2019-2.0-0155
2019-05-15 00:00:00
Elasticsearch ESA-2019-04
2019-03-20 00:00:00
github
github
Improper Access Control in Elasticsearch
2022-05-13 01:14:26
osv
osv
Improper Access Control in Elasticsearch
2022-05-13 01:14:26
CVE-2019-7611
2019-03-25 19:29:02
cvelist
cvelist
CVE-2019-7611
2019-03-25 18:34:06
veracode
veracode
Privilege Escalation
2019-07-08 16:20:35
cve
cve
CVE-2019-7611
2019-03-25 19:29:02
archlinux
archlinux
[ASA-201902-27] elasticsearch: privilege escalation
2019-02-25 00:00:00
nvd
nvd
CVE-2019-7611
2019-03-25 19:29:02
ubuntucve
ubuntucve
CVE-2019-7611
2019-03-25 00:00:00
openvas
openvas
prion
prion
Design/Logic Flaw
2019-03-25 19:29:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0225
2019-04-19 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0155
2019-04-29 00:00:00
Critical Photon OS Security Update - PHSA-2019-0225
2019-04-19 00:00:00
ibm
ibm
redhat
redhat