CVE-2019-13417

Summary

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.

Affected Software

VendorProductVersion RangeStatus
floragunnSearch Guardunspecified < 24.0affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References