Lucene search
K

20 matches found

Cvelist
Cvelist
added 2026/06/04 1:54 p.m.33 views

CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3CVSS0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3523

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.01204EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not...

4.3CVSS6.2AI score0.01112EPSS
Exploits0References2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.142 views

Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure

Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...

6.8AI score0.00501EPSS
Exploits2References1
OSV
OSV
added 2024/03/06 10:54 a.m.18 views

BIT-ELASTICSEARCH-2020-7019

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...

6.5CVSS6.2AI score0.01204EPSS
Exploits0References3
wpexploit
wpexploit
added 2024/02/16 12:0 a.m.138 views

Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure

Description The plugin does not prevent user with at least the contributor role from leaking other users' sensitive metadata. As a contributor, - Add shortcode to any post and specify/guess any user ID and meta key and save - Preview the post and see custom field value outputs from any user Examp...

6.7AI score0.00548EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2022/05/24 5:26 p.m.23 views

Improper privilege management in elasticsearch

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...

6.5CVSS6.5AI score0.01204EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.24 views

Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana

Summary Vulnerabilities detected in Elasticsearch before versions 7.9.0 and 6.8.12 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7019 DESCRIPTION: Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a field disclosure...

6.5CVSS6.1AI score0.01204EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/05/14 12:0 a.m.29 views

Elastic Elasticsearch Multiple Vulnerabilities (ESA-2021-06, ESA-2021-08)

Elasticsearch is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:elasticsearch";...

5.3CVSS6.5AI score0.01162EPSS
Exploits0References1
Elastic
Elastic
added 2020/10/22 3:34 p.m.6 views

Elastic Stack 7.9.3 and 6.8.13 Security Update

Elasticsearch field disclosure flaw ESA-2020-13 A document disclosure flaw was found in Elasticsearch when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the...

7.4CVSS6.2AI score0.00999EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/08/21 12:0 a.m.17 views

FreeBSD : textproc/elasticsearch6 -- field disclosure flaw (fbca6863-e2ad-11ea-9d39-00a09858faf5)

Elastic reports : A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker...

6.5CVSS6.6AI score0.01204EPSS
Exploits0References4
CNVD
CNVD
added 2020/08/19 12:0 a.m.14 views

Elasticsearch Field Disclosure Vulnerability

Elasticsearch is a search engine based on the Lucene library. A field disclosure vulnerability exists in Elasticsearch versions prior to 7.9.0, 6.8.12 when running a rolling search using Field Level Security. An attacker can exploit this vulnerability to gain access to fields that are supposed to...

6.5CVSS6.8AI score0.01204EPSS
Exploits0References1
NVD
NVD
added 2020/08/18 5:15 p.m.18 views

CVE-2020-7019

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...

6.5CVSS6.4AI score0.01204EPSS
Exploits0References2
OSV
OSV
added 2020/08/18 5:15 p.m.18 views

CVE-2020-7019

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...

6.5CVSS6.3AI score
Exploits0References2
Prion
Prion
added 2020/08/18 5:15 p.m.20 views

Design/Logic Flaw

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...

4CVSS6.2AI score0.01204EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/08/18 5:15 p.m.27 views

CVE-2020-7019

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...

6.5CVSS6.8AI score0.01204EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/18 4:40 p.m.28 views

CVE-2020-7019

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...

6.3AI score0.01204EPSS
Exploits0References2
CVE
CVE
added 2020/08/18 4:40 p.m.87 views

CVE-2020-7019

CVE-2020-7019 affects Elasticsearch versions prior to 7.9.0 and 6.8.12. A field disclosure flaw occurs when running a scrolling search with Field Level Security: if a user runs the same query another, more privileged user recently ran, the scrolling search can leak hidden fields, potentially gran...

6.5CVSS6.2AI score0.01204EPSS
Exploits0References2Affected Software1
Elastic
Elastic
added 2020/08/18 3:11 p.m.7 views

Elastic Stack 7.9.0 and 6.8.12 Security Update

Elasticsearch field disclosure flaw ESA-2020-12 A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This...

6.5CVSS7.1AI score0.01204EPSS
Exploits0
Packet Storm
Packet Storm
added 2008/04/28 12:0 a.m.138 views

phpizabi-disclose.txt

-------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...

7.4AI score
Exploits0
Rows per page
Query Builder