CVE-2026-4819
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Affected (1)
Products: Search Guard: Flx
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 1.0.0 to 4.1.0 |
Related CWEs
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
References (2)
Source: security@search-guard.com
Release Notes
Timeline
No history available yet.