24 matches found
UBUNTU-CVE-2024-23445
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...
CVE-2024-23445
CVE-2024-23445 affects Elasticsearch remote-cluster API key security model (GA 8.14.0). The issue: a cross-cluster API key that restricts index search via query or field_security and also grants replication for the same index may not enforce search restrictions during cross-cluster search, potent...
PT-2024-4672 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 8.14.0 Description: The issue is related to the implementation of the Elasticsearch search system's application programming interface, specifically with the cross-cluster API key. If a cross-cluster API key...
CVE-2019-13416
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...