CVE-2020-7019

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-7019
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7019.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7019
Aliases
Related
Published
2020-08-18T17:15:11Z
Modified
2024-09-02T22:40:16Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
b7e28a7232616c7a21bc879a535d801b8553ba77
Fixed
a479a2a7fce0389512d6a9361301708b92dff667