6 matches found
Security Bulletin: Multiple security vulnerabilities have been identified in Elasticsearch shipped with IBM Tivoli Netcool Impact
Summary Elasticsearch is shipped with IBM Tivoli Netcool Impact, Information about multiple security vulnerabilities affecting elasticsearch has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-7020 DESCRIPTION: Elastic Enterprise Search could allow a remote...
CVE-2020-7020 affecting package rubygem-elasticsearch 7.6.0-1
CVE-2020-7020 affecting package rubygem-elasticsearch 7.6.0-1. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM Cloud Private is vulnerable to Elastic vulnerabilities (CVE-2020-7020 )
Summary IBM Cloud Private is vulnerable to Elastic vulnerabilities Vulnerability Details CVEID: CVE-2020-7020 DESCRIPTION: Elastic Enterprise Search could allow a remote authenticated attacker to obtain sensitive information, caused by not properly preserving security permissions in search querie...
ai.grakn:grakn-dist (>=0.7.0 <=0.16.0), ai.grakn:grakn-test (=0.10.0) +1845 more potentially affected by CVE-2020-7020 via org.elasticsearch:elasticsearch (>=0.6.0 <=6.8.12)
org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.7.0, =0.6.1, =0.11.0, =0.3.0, =1.0.1, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.2.1 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-starter =5.2.0 and more Source cves: CVE-2020-7020 Source advisory: OSV:GHSA-G9FW-9X87-RMRJ...
CVE-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
CVE-2020-7020
Elasticsearch vulnerability CVE-2020-7020 affects Elasticsearch versions shipped with IBM Tivoli Netcool Impact, specifically before 6.8.13 and 7.9.2. Root cause: a document disclosure flaw where Document/Field Level Security is used, causing search queries to fail to preserve security permission...