Lucene search
+L

5 matches found

SUSE CVE
SUSE CVE
added 2024/02/08 3:21 a.m.7 views

SUSE CVE-2024-23446

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API may obtain unauthorized access to documents if...

6.5CVSS7AI score0.005EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/07 3:16 a.m.17 views

CVE-2024-23446 Kibana Broken Access Control issue

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API may obtain unauthorized access to documents if...

6.5CVSS6.9AI score0.005EPSS
Exploits0References2
CVE
CVE
added 2024/02/07 3:16 a.m.113 views

CVE-2024-23446

CVE-2024-23446 pertains to Kibana’s Detection Engine Search API failing to enforce Document-level security (DLS) and Field-level security (FLS) on .alerts-security.alerts-{space_id} indices. The issue allows users with API access and DLS/FLS-enabled roles to potentially read unauthorized document...

6.5CVSS6.4AI score0.005EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/07 3:16 a.m.6 views

CVE-2024-23446 Kibana Broken Access Control issue

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API may obtain unauthorized access to documents if...

6.5CVSS6.6AI score0.005EPSS
Exploits0References4
Elastic
Elastic
added 2024/02/06 10:13 p.m.8 views

Kibana 8.12.1 Security Update (ESA-2024-01)

Kibana Broken Access Control issue ESA-2024-01 An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API...

6.5CVSS6.8AI score0.005EPSS
Exploits0
Rows per page
Query Builder