Lucene search
GoogleOSV:GHSA-C77J-P484-H84MHistoryMay 24, 2022 - 5:26 p.m.
Improper privilege management in elasticsearch
2022-05-2417:26:07
Google
osv.dev
8
0.001 Low
EPSS
Percentile
28.4%
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.
Related
cve
cve
CVE-2020-7019
2020-08-18 17:15:11
openvas
openvas
ubuntucve
ubuntucve
CVE-2020-7019
2020-08-18 00:00:00
nessus
nessus
FreeBSD : textproc/elasticsearch6 -- field disclosure flaw (fbca6863-e2ad-11ea-9d39-00a09858faf5)
2020-08-21 00:00:00
Photon OS 1.0: Elasticsearch PHSA-2020-1.0-0321
2020-10-21 00:00:00
Photon OS 3.0: Elasticsearch PHSA-2020-3.0-0135
2020-09-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-7019 affecting package rubygem-elasticsearch 7.6.0-1
2022-05-26 19:04:38
osv
osv
BIT-elasticsearch-2020-7019
2024-03-06 10:54:38
CVE-2020-7019
2020-08-18 17:15:11
ibm
ibm
redhatcve
redhatcve
CVE-2020-7019
2020-08-19 20:38:16
freebsd
freebsd
textproc/elasticsearch6 -- field disclosure flaw
2020-08-19 00:00:00
github
github
Improper privilege management in elasticsearch
2022-05-24 17:26:07
cvelist
cvelist
CVE-2020-7019
2020-08-18 16:40:14
prion
prion
Design/Logic Flaw
2020-08-18 17:15:00
veracode
veracode
Information Disclosure
2020-08-19 03:15:28
nvd
nvd
CVE-2020-7019
2020-08-18 17:15:11
photon
photon