Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized access to fields protected by Field Masking (FM) for fields of type IP
Vulnerability Description
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a specific IP values. This allows to reconstruct the original contents of the field. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) protection on fields of the affected types instead of field masking.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Floragunn Search Guard FLX 安全漏洞
Vulnerability Description
Floragunn Search Guard FLX是德国Floragunn公司的一款用于保护Elastic Search的安全组件。 Floragunn Search Guard FLX 3.1.1及之前版本存在安全漏洞,该漏洞源于IP类型字段的字段掩码规则执行不当,可能导致原始字段内容被重建。
CVSS Information
N/A
Vulnerability Type
N/A