2 matches found
Information Disclosure
org.elasticsearch.plugin: x-pack-security is vulnerable to Information Disclosure. The vulnerability arises from the failure to enforce search restrictions during cross-cluster searches when an API key grants both search and replication rights to an index, which allows an attacker to access...
PT-2021-14865 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.11.2 Elasticsearch versions prior to 6.8.15 Description: A document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when...