Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Elasticsearch 信息泄露漏洞
Vulnerability Description
Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎。该产品主要应用于云计算,并支持通过HTTP使用JSON进行数据索引。 Elasticsearch 存在信息泄露漏洞,攻击者可利用该漏洞通过Cross-cluster Search Queries绕过数据访问限制,以获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A