Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
CVSS Information
N/A
Vulnerability Type
不安全的运行时授予权限
Vulnerability Title
Elastic X-Pack Security 权限许可和访问控制漏洞
Vulnerability Description
Elastic X-Pack是荷兰Elasticsearch公司的一个Elastic Stack(日志分析系统)的扩展。Security是其中的一个用来控制访问权限的功能。 Elastic X-Pack Security 5.4.1之前的版本和5.3.3之前的版本中存在安全漏洞。攻击者可利用该漏洞未授权查看数据。
CVSS Information
N/A
Vulnerability Type
N/A