24 matches found
EUVD-2019-4910
Malware in sbrugna...
EUVD-2019-4909
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-23445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-...
Elasticsearch 8.14.0 Security Update (ESA-2024-13)
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions ESA-2024-13 It was identified that if a cross-cluster API key restricts search for a given index using the query or the fieldsecurity parameter, and the same cross-cluster API key also grants replication for the...
BIT-ELASTICSEARCH-2021-22137
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
SUSE CVE-2021-22137
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
elasticsearch: Document disclosure flaw when Document or Field Level Security is used
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
elasticsearch: Document disclosure flaw when Document or Field Level Security is used
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
GHSA-HR65-QQ6P-87R4 Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22135, CVE-2021-22137)
Summary There is a vulnerability in the Elasticsearch open source library. The library is used by IBM Cloud Private logging. This bulletin identifies the security fixes to apply to address the Elasticsearch vulnerability CVE-2021-22135, CVE-2021-22137. Vulnerability Details CVEID: CVE-2021-22135...
Design/Logic Flaw
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
CVE-2021-22137
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
Elasticsearch 信息泄露漏洞
Elasticsearch is a set of Dutch Elasticsearch company built on Lucene open source distributed RESTful search engine . The product is mainly used in cloud computing, and supports data indexing using JSON over HTTP. Elasticsearch There is an information disclosure vulnerability that can be exploite...
CVE-2019-13416
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...
CVE-2019-13415
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users can gain read access to data they are not authorized to see...
CVE-2019-13416
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...
CVE-2019-13416
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...
CVE-2019-13415
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users can gain read access to data they are not authorized to see...
Cross site scripting
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote clusters...
Cross site scripting
Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users can gain read access to data they are not authorized to see...