4 matches found
CVE-2025-12149
In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...
EUVD-2025-197609
In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...
CVE-2025-12149
In CVE-2025-12149, Search Guard FLX ≤3.1.2 fails to enforce Document-Level Security when a Signals-watch triggers a search, potentially allowing access to all documents in the queried indices. Affected component: Search Guard FLX; root cause: DLS enforcement gap specific to Signals-triggered sear...
CVE-2025-12149 Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents
In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...