Lucene search
K

83 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.6 views

SUSE CVE-2021-22137

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS6.4AI score0.01101EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.9 views

CVE-2022-41918 Issue with fine-grained access control of indices backing data streams

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the indices that back data streams...

6.3CVSS6.4AI score0.0043EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.3 views

elasticsearch: Document disclosure flaw when Document or Field Level Security is used

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS5.7AI score0.01101EPSS
Exploits0References5
NVD
NVD
added 2022/08/12 6:15 p.m.66 views

CVE-2022-35980

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...

7.5CVSS0.00918EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/08/12 5:40 p.m.7 views

CVE-2022-35980 OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...

7.5CVSS7.5AI score0.00918EPSS
Exploits0References3
OSV
OSV
added 2022/08/12 5:31 p.m.30 views

GHSA-F4QR-F4XX-HJXW OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

Impact Requests to an OpenSearch cluster configured with advanced access control features document level security DLS, field level security FLS, and/or field masking will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to .kibana by...

7.5CVSS7.5AI score0.00918EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/12 5:31 p.m.40 views

OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

Impact Requests to an OpenSearch cluster configured with advanced access control features document level security DLS, field level security FLS, and/or field masking will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to .kibana by...

7.5CVSS7.2AI score0.00918EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/12 12:0 a.m.5 views

PT-2022-23078 · Unknown · Opensearch +2

Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions 2.0.0.0 through 2.1.0.0 Description: The issue concerns an information disclosure vulnerability in OpenSearch Security, a plugin for OpenSearch that provides encryption, authentication, and authorization. When an...

7.5CVSS7.2AI score0.00918EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.2 views

elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...

3.5CVSS5.8AI score0.00999EPSS
Exploits0References6
OSV
OSV
added 2022/05/24 7:2 p.m.2 views

GHSA-HR65-QQ6P-87R4 Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...

5.3CVSS5.8AI score0.01101EPSS
Exploits0References4
OSV
OSV
added 2022/05/13 1:14 a.m.2 views

GHSA-FJ32-6V7M-57PG Improper Access Control in Elasticsearch

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the aliases, shrink, or split endpoints are used . If the elasticsearch.yml file has xpack.security.dlsfls.enabled set to false, certain permission...

8.1CVSS6.8AI score0.02149EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.42 views

Improper Access Control in Elasticsearch

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the aliases, shrink, or split endpoints are used . If the elasticsearch.yml file has xpack.security.dlsfls.enabled set to false, certain permission...

8.1CVSS7.5AI score0.02149EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2022/04/26 10:20 p.m.42 views

CVE-2021-22135

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

5.3CVSS1.6AI score0.01162EPSS
Exploits0References4
OSV
OSV
added 2021/07/02 6:33 p.m.3 views

GHSA-62WW-4P3P-7FHJ API information disclosure flaw in Elasticsearch

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

5.3CVSS7AI score0.01162EPSS
Exploits0References3
OSV
OSV
added 2021/05/13 6:15 p.m.3 views

UBUNTU-CVE-2021-22135

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

5.3CVSS6.6AI score0.01162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/05/13 12:0 a.m.4 views

PT-2021-14863 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.11.2 Elasticsearch versions prior to 6.8.15 Description: A document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. Normally, the...

5.3CVSS5.3AI score0.01162EPSS
Exploits0References10
Prion
Prion
added 2021/03/08 9:15 p.m.23 views

Security feature bypass

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been...

4CVSS4.8AI score0.01112EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2020/03/18 2:51 p.m.7 views

elasticsearch: Improper permission issue when attaching a new name to an index

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the aliases, shrink, or split endpoints are used . If the elasticsearch.yml file has xpack.security.dlsfls.enabled set to false, certain permission...

8.1CVSS5.8AI score0.02149EPSS
Exploits0References4
NVD
NVD
added 2019/11/26 2:15 p.m.22 views

CVE-2016-6353

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler...

6.5CVSS6.5AI score0.00751EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/26 1:48 p.m.19 views

CVE-2016-6353

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler...

6.5AI score0.00751EPSS
Exploits0References1
Rows per page
Query Builder