Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elasticsearch Incorrect Authorization
Vulnerability Description
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Elastic Elasticsearch 安全漏洞
Vulnerability Description
Elastic Elasticsearch是荷兰Elastic公司的一个基于Lucene库的搜索引擎。 Elastic Elasticsearch 8.16.0版本和8.16.1版本存在安全漏洞,该漏洞源于授权控制不当,允许恶意行为者绕过文档级别安全性,并访问其角色正常情况下不允许访问的文档。
CVSS Information
N/A
Vulnerability Type
N/A