← Back

CVE-2019-13418

nvd nist
Published: Aug 12, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.

Affected (1)

Search Guard
1 product
Search Guard
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Search Guard
Before 24.0

Related CWEs

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.

References (4)

Source: security@search-guard.com
Release Notes
Source: security@search-guard.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.