Lucene search
Veracode Vulnerability DatabaseVERACODE:26361HistoryAug 19, 2020 - 3:15 a.m.
Information Disclosure
2020-08-1903:15:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
28.4%
x-pack-security is vulnerable to information disclosure. When a user runs the same query as queried by another more privileged user, the scrolling search can leak fields that should be hidden, resulting in the user gaining additional permissions against a restricted index.
Related
cve
cve
CVE-2020-7019
2020-08-18 17:15:11
openvas
openvas
ubuntucve
ubuntucve
CVE-2020-7019
2020-08-18 00:00:00
nessus
nessus
FreeBSD : textproc/elasticsearch6 -- field disclosure flaw (fbca6863-e2ad-11ea-9d39-00a09858faf5)
2020-08-21 00:00:00
Photon OS 1.0: Elasticsearch PHSA-2020-1.0-0321
2020-10-21 00:00:00
Photon OS 3.0: Elasticsearch PHSA-2020-3.0-0135
2020-09-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-7019 affecting package rubygem-elasticsearch 7.6.0-1
2022-05-26 19:04:38
osv
osv
BIT-elasticsearch-2020-7019
2024-03-06 10:54:38
Improper privilege management in elasticsearch
2022-05-24 17:26:07
CVE-2020-7019
2020-08-18 17:15:11
ibm
ibm
redhatcve
redhatcve
CVE-2020-7019
2020-08-19 20:38:16
freebsd
freebsd
textproc/elasticsearch6 -- field disclosure flaw
2020-08-19 00:00:00
github
github
Improper privilege management in elasticsearch
2022-05-24 17:26:07
cvelist
cvelist
CVE-2020-7019
2020-08-18 16:40:14
nvd
nvd
CVE-2020-7019
2020-08-18 17:15:11
prion
prion
Design/Logic Flaw
2020-08-18 17:15:00
photon
photon