UBUNTU-CVE-2020-7019

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-7019

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-7019.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-7019

Related

CVE-2020-7019

Published

2020-08-18T17:15:00Z

Modified

2024-10-15T14:07:54Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

References

Affected packages

Ubuntu:Pro:16.04:LTS / elasticsearch

Package

Name: elasticsearch
Purl: pkg:deb/ubuntu/elasticsearch?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.2+dfsg-1

1.7.3+dfsg-1

1.7.3+dfsg-2

1.7.3+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}