139 matches found
CVE-2025-12147
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correctly removed from the _source returned by search...
EUVD-2025-36685
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a...
EUVD-2025-36687
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correctly removed from the _source returned by search...
CVE-2025-12148
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a...
CVE-2025-12148 Unauthorized access to fields protected by Field Masking (FM) for fields of type IP
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a...
CVE-2025-12148
In CVE-2025-12148, Floragunn Search Guard FLX versions 3.1.1 and earlier expose a vulnerability where Field Masking (FM) rules are not properly enforced on IP-type fields. Although the redacted _source is returned, search hits can be based on specific IP values, enabling reconstruction of the ori...
CVE-2025-12147 Unauthorized access to fields protected by Field-Level Security (FLS) when those fields are members of an object
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correctly removed from the _source returned by search...
CVE-2025-12147
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are misapplied on object-valued fields. An FLS exclusion (for example ~field) removes the object from the _source in search results, but the object’s child attributes remain accessible to queries, enabling potential ...
PT-2025-44309
Name of the Vulnerable Software and Affected Versions: Search Guard FLX versions 3.1.1 and earlier. Description: Field-Level Security (FLS) rules are not properly enforced on object-valued fields. When an FLS exclusion rule is applied to a field containing an object, the object is removed from search...
Floragunn Search Guard FLX security vulnerability
Floragunn Search Guard FLX is a security component from Floragunn (Germany) for protecting Elasticsearch. A security vulnerability exists in Floragunn Search Guard FLX 3.1.1 and earlier versions, which stems from improper implementation of field-level security rules for object-valued fields, which...
PT-2025-44310
Name of the Vulnerable Software and Affected Versions: Search Guard versions 3.1.1 and earlier. Description: Field Masking (FM) rules are not properly enforced on fields of type IP (IP Address). While the content of these fields is redacted in search results, documents are still returned when searching...
EUVD-2019-4911
Malware in sbrugna...
EUVD-2021-1968
Malware in sbrugna...
EUVD-2017-17399
Malware in sbrugna...
EUVD-2021-0657
Malware in sbrugna...
EUVD-2007-3584
Malware in sbrugna...
EUVD-2025-29429
Malicious code in bioql PyPI...