Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
CVSS Information
N/A
Vulnerability Type
特权上下文切换错误
Vulnerability Title
Elasticsearch 安全漏洞
Vulnerability Description
Elasticsearch是一个基于Lucene库的搜索引擎。 Elasticsearch 6.8.13版本和7.9.2之前版本存在安全漏洞,该漏洞源于在使用文档或字段级安全时包含文档泄露缺陷。在执行某些复杂查询时,搜索查询不能正确地保留安全权限。这可能导致搜索暴露了攻击者无法查看的文档的存在。攻击者可利用该漏洞对潜在的敏感索引有更多的了解。
CVSS Information
N/A
Vulnerability Type
N/A