← Volver a CVEs
CVE-2019-13417
MEDIUM5.3
Descripcion
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/12/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
search-guard:search_guard
Debilidades (CWE)
CWE-863CWE-200
Referencias
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0(security@search-guard.com)
https://search-guard.com/cve-advisory/(security@search-guard.com)
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0(af854a3a-2127-422b-91ae-364da2661108)
https://search-guard.com/cve-advisory/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.