CVE-2019-13417
CVSS score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD
Description
In Search Guard versions before 24.0, the field caps and mapping APIs leak field names (but not values) for fields the user is not allowed to access when field level security (FLS) is activated.
Affected (1)
Products: Search Guard: Search Guard
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Search Guard | Before 24.0 |
Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (4)
Source: security@search-guard.com
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes