Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.

N/A

信息暴露

Floragunn Search Guard FLX 安全漏洞

Floragunn Search Guard FLX是德国Floragunn公司的一款用于保护Elastic Search的安全组件。 Floragunn Search Guard FLX 3.1.2及之前版本存在安全漏洞，该漏洞源于从Signals watch触发搜索时未强制执行DLS规则，可能导致访问所有文档。

N/A

N/A