Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-4910

Malware in sbrugna...

6.5CVSS5.7AI score0.00987EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-4909

Malware in sbrugna...

6.5CVSS5.2AI score0.00987EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-...

6.5CVSS6.4AI score0.00456EPSS
Exploits0References2
Elastic
Elastic
added 2024/06/06 3:32 a.m.10 views

Elasticsearch 8.14.0 Security Update (ESA-2024-13)

Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions ESA-2024-13 It was identified that if a cross-cluster API key restricts search for a given index using the query or the fieldsecurity parameter, and the same cross-cluster API key also grants replication for the...

6.5CVSS6.9AI score0.00456EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:53 a.m.30 views

BIT-ELASTICSEARCH-2021-22137

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS5.2AI score0.01101EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.6 views

SUSE CVE-2021-22137

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS6.4AI score0.01101EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.3 views

elasticsearch: Document disclosure flaw when Document or Field Level Security is used

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS5.7AI score0.01101EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/07/19 1:40 p.m.23 views

elasticsearch: Document disclosure flaw when Document or Field Level Security is used

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS5.7AI score0.01101EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 7:2 p.m.2 views

GHSA-HR65-QQ6P-87R4 Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS5.8AI score0.01101EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 8:51 p.m.39 views

Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22135, CVE-2021-22137)

Summary There is a vulnerability in the Elasticsearch open source library. The library is used by IBM Cloud Private logging. This bulletin identifies the security fixes to apply to address the Elasticsearch vulnerability CVE-2021-22135, CVE-2021-22137. Vulnerability Details CVEID: CVE-2021-22135...

5.3CVSS5.3AI score0.01162EPSS
Exploits0Affected Software1
Prion
Prion
added 2021/05/13 6:15 p.m.23 views

Design/Logic Flaw

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

4.3CVSS5.3AI score0.01101EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2021/03/25 2:58 p.m.36 views

CVE-2021-22137

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS2.6AI score0.01101EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.7 views

Elasticsearch 信息泄露漏洞

Elasticsearch is a set of Dutch Elasticsearch company built on Lucene open source distributed RESTful search engine . The product is mainly used in cloud computing, and supports data indexing using JSON over HTTP. Elasticsearch There is an information disclosure vulnerability that can be exploite...

5.3CVSS5.7AI score0.01101EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2020/04/02 8:40 a.m.29 views

CVE-2019-13416

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...

6.5CVSS3.8AI score0.00987EPSS
Exploits0References3
OSV
OSV
added 2019/08/13 7:15 p.m.5 views

CVE-2019-13415

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users can gain read access to data they are not authorized to see...

6.5CVSS6.2AI score0.00987EPSS
Exploits0References2
OSV
OSV
added 2019/08/13 7:15 p.m.5 views

CVE-2019-13416

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...

6.5CVSS6.3AI score0.00987EPSS
Exploits0References2
NVD
NVD
added 2019/08/13 7:15 p.m.23 views

CVE-2019-13416

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...

6.5CVSS6.4AI score0.00987EPSS
Exploits0References2
NVD
NVD
added 2019/08/13 7:15 p.m.27 views

CVE-2019-13415

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users can gain read access to data they are not authorized to see...

6.5CVSS6.3AI score0.00987EPSS
Exploits0References2
Prion
Prion
added 2019/08/13 7:15 p.m.14 views

Cross site scripting

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...

3.5CVSS6.4AI score0.00987EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/08/13 7:15 p.m.17 views

Cross site scripting

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users can gain read access to data they are not authorized to see...

3.5CVSS6.2AI score0.00987EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder