Moderate severityNVD Advisory· Published Aug 18, 2020· Updated Aug 4, 2024
CVE-2020-7019
CVE-2020-7019
Description
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.elasticsearch:elasticsearchMaven | >= 7.0.0, < 7.9.0 | 7.9.0 |
org.elasticsearch:elasticsearchMaven | < 6.8.12 | 6.8.12 |
Affected products
3- osv-coords2 versions
< 6.8.12+ 1 more
- (no CPE)range: < 6.8.12
- (no CPE)range: >= 7.0.0, < 7.9.0
- Range: before 7.9.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-c77j-p484-h84mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7019ghsaADVISORY
- discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456ghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20200827-0001ghsaWEB
- security.netapp.com/advisory/ntap-20200827-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.