CVE-2025-12149

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...

CVE-2025-12149 Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...

Floragunn Search Guard FLX 安全漏洞

Floragunn Search Guard FLX is a security component for protecting Elastic Search from Floragunn, Germany. A security vulnerability exists in Floragunn Search Guard FLX 3.1.2 and earlier versions, which stems from a failure to enforce DLS rules when triggering a search from Signals watch, which...

PT-2025-46956

Name of the Vulnerable Software and Affected Versions Search Guard FLX versions 3.1.2 and earlier Description In Search Guard FLX versions 3.1.2 and earlier, Document-Level Security DLS is not enforced when a search is initiated from a Signals watch, potentially granting access to all documents...