CVE-2019-13417
N/A
N/A
Summary
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| floragunn | Search Guard | unspecified < 24.0 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://search-guard.com/cve-advisory/
- https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0
References
- https://search-guard.com/cve-advisory/
- https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.