CVE-2020-7020

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7020

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7020.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7020

Aliases

Related

UBUNTU-CVE-2020-7020

Published

2020-10-22T17:15:12Z

Modified

2024-10-11T10:10:46Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

b7e28a7232616c7a21bc879a535d801b8553ba77

Fixed

d34da0ea4a966c4e49417f2da2f244e3e97b4e6e