CVE-2019-13417

EPSS 1.1%CWE-863

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.

Productos afectados

floragunn · Search Guard

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0 https://search-guard.com/cve-advisory/