0.001 Low
EPSS
Percentile
30.0%
elasticsearch is vulnerable to information disclosure. The vulnerability exists when Document or Field Level Security is used, as search queries do not properly preserve security permissions when executing certain complex queries.
discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033
github.com/elastic/elasticsearch/commit/4d528e91a125f1a3826e4072b869d8ec156c3138
github.com/elastic/elasticsearch/pull/61446
security.netapp.com/advisory/ntap-20201123-0001/
staging-website.elastic.co/community/security/