20 matches found
CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data
A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...
EUVD-2022-3523
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-22134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not...
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
Description The plugin does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...
BIT-ELASTICSEARCH-2020-7019
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure
Description The plugin does not prevent users with at least the contributor role from leaking other users' sensitive metadata. As a contributor, - Add shortcode to any post and specify/guess any user ID and meta key and save - Preview the post and see custom field value outputs from any user Examp...
Improper privilege management in elasticsearch
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary Vulnerabilities detected in Elasticsearch before versions 7.9.0 and 6.8.12 affect IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7019 DESCRIPTION: Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a field disclosure...
Elastic Elasticsearch Multiple Vulnerabilities (ESA-2021-06, ESA-2021-08)
Elasticsearch is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:elasticsearch";...
Elastic Stack 7.9.3 and 6.8.13 Security Update
Elasticsearch field disclosure flaw ESA-2020-13 A document disclosure flaw was found in Elasticsearch when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the...
FreeBSD : textproc/elasticsearch6 -- field disclosure flaw (fbca6863-e2ad-11ea-9d39-00a09858faf5)
Elastic reports : A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker...
Elasticsearch Field Disclosure Vulnerability
Elasticsearch is a search engine based on the Lucene library. A field disclosure vulnerability exists in Elasticsearch versions prior to 7.9.0, 6.8.12 when running a rolling search using Field Level Security. An attacker can exploit this vulnerability to gain access to fields that are supposed to...
CVE-2020-7019
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
CVE-2020-7019
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
Design/Logic Flaw
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
CVE-2020-7019
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
CVE-2020-7019
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
CVE-2020-7019
CVE-2020-7019 affects Elasticsearch versions prior to 7.9.0 and 6.8.12. A field disclosure flaw occurs when running a scrolling search with Field Level Security: if a user runs the same query another, more privileged user recently ran, the scrolling search can leak hidden fields, potentially gran...
Elastic Stack 7.9.0 and 6.8.12 Security Update
Elasticsearch field disclosure flaw ESA-2020-12 A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This...
phpizabi-disclose.txt
-------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...