Vulnerabilites related to floragunn - Search Guard
CVE-2019-13417 (GCVE-0-2019-13417)
Vulnerability from cvelistv5
Published
2019-08-12 20:51
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Version: unspecified < 24.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "24.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-12T20:51:23",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "24.0"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13417",
"datePublished": "2019-08-12T20:51:23",
"dateReserved": "2019-07-08T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13418 (GCVE-0-2019-13418)
Vulnerability from cvelistv5
Published
2019-08-12 21:12
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Version: unspecified < 24.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "24.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-12T21:12:11",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "24.0"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13418",
"datePublished": "2019-08-12T21:12:11",
"dateReserved": "2019-07-08T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13420 (GCVE-0-2019-13420)
Vulnerability from cvelistv5
Published
2019-08-13 14:25
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-208 - Information Exposure Through Timing Discrepancy
Summary
Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Version: unspecified < 21.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "21.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 21.0 had an timing side channel issue when using the internal user database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Information Exposure Through Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T14:25:43",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "21.0"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 21.0 had an timing side channel issue when using the internal user database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208: Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13420",
"datePublished": "2019-08-13T14:25:43",
"dateReserved": "2019-07-08T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13416 (GCVE-0-2019-13416)
Vulnerability from cvelistv5
Published
2019-08-13 18:58
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Version: before 24.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"status": "affected",
"version": "before 24.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T18:58:45",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_value": "before 24.3"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13416",
"datePublished": "2019-08-13T18:58:45",
"dateReserved": "2019-07-08T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13421 (GCVE-0-2019-13421)
Vulnerability from cvelistv5
Published
2019-08-23 13:26
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Version: unspecified < 23.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This security vulnerability was found by Torsten Lutz and Oliver Streicher of SySS\nGmbH.\n\nE-Mail: torsten.lutz (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Torsten_Lutz.asc\nKey Fingerprint: DAB2 86A6 C099 1350 9FCB FB9B 94E8 DC24 BAEC ACC8\n\nE-Mail: oliver.streicher (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Oliver_Streicher.asc\nKey Fingerprint: 1973 E30F 7966 F45E CCAB 1BF1 3F08 A35E DCB8 35D6"
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T13:26:46",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "23.1"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This security vulnerability was found by Torsten Lutz and Oliver Streicher of SySS\nGmbH.\n\nE-Mail: torsten.lutz (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Torsten_Lutz.asc\nKey Fingerprint: DAB2 86A6 C099 1350 9FCB FB9B 94E8 DC24 BAEC ACC8\n\nE-Mail: oliver.streicher (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Oliver_Streicher.asc\nKey Fingerprint: 1973 E30F 7966 F45E CCAB 1BF1 3F08 A35E DCB8 35D6"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"
}
]
},
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13421",
"datePublished": "2019-08-23T13:26:46",
"dateReserved": "2019-07-08T00:00:00",
"dateUpdated": "2024-08-04T23:49:25.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13419 (GCVE-0-2019-13419)
Vulnerability from cvelistv5
Published
2019-08-13 14:28
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Version: unspecified < 23.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T14:28:44",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "23.1"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13419",
"datePublished": "2019-08-13T14:28:44",
"dateReserved": "2019-07-08T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13415 (GCVE-0-2019-13415)
Vulnerability from cvelistv5
Published
2019-08-13 18:59
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Summary
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Version: before 24.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"status": "affected",
"version": "before 24.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T18:59:59",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_value": "before 24.3"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13415",
"datePublished": "2019-08-13T18:59:59",
"dateReserved": "2019-07-08T00:00:00",
"dateUpdated": "2024-08-04T23:49:25.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}