11 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-12539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security ...
CVE-2024-12539
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...
net.sc8s:elastic-testkit_2.13 (=0.96.0), nl.basjes.parse.useragent:yauaa-elasticsearch-8 (=7.29.0) +3 more potentially affected by CVE-2024-12539 via org.elasticsearch:elasticsearch (>=8.16.0 <=8.16.1)
org.elasticsearch:elasticsearch MAVEN version =8.16.0, =8.16.0, =8.16.0, =8.16.0, =8.16.1 Source cves: CVE-2024-12539 Source advisory: OSV:GHSA-5MPW-4546-2WCR...
CVE-2024-12539
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...
CVE-2024-12539 vulnerabilities
Vulnerabilities for packages: ruby3.3-elasticsearch, elasticsearch, ruby3.2-elasticsearch, elasticsearch-fips...
CVE-2024-12539 vulnerabilities
Vulnerabilities for packages: ruby3.2-elasticsearch, ruby3.3-elasticsearch...
CVE-2024-12539
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...
CVE-2024-12539
creationtimestamp| type| source ---|---|--- 2024-12-17 20:54:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113670150654187068 2024-12-17 21:24:16+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113670268893584009 2024-12-17 23:28:31+00:00| seen|...
CVE-2024-12539 Elasticsearch Incorrect Authorization
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...
CVE-2024-12539 Elasticsearch Incorrect Authorization
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...
Elasticsearch 8.16.2 / 8.17.0 Security Update
Elasticsearch Incorrect Authorization ESA-2024-46 An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...