Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by search-guard
CVE-2026-4819 (GCVE-0-2026-4819)
Vulnerability from cvelistv5 – Published: 2026-03-31 14:57 – Updated: 2026-03-31 17:23
VLAI?
Title
Search Guard audit logs can contain under certain conditions user credentials
Summary
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Severity ?
4.9 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard FLX |
Affected:
1.0.0 , ≤ 4.0.1
(semver)
|
Date Public ?
2026-03-31 10:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T17:23:37.990130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T17:23:46.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Search Guard FLX",
"vendor": "floragunn",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-31T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
}
],
"value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:57:56.792Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"url": "https://search-guard.com/cve-advisory/"
},
{
"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Search Guard audit logs can contain under certain conditions user credentials",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2026-4819",
"datePublished": "2026-03-31T14:57:56.792Z",
"dateReserved": "2026-03-25T13:44:37.576Z",
"dateUpdated": "2026-03-31T17:23:46.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4818 (GCVE-0-2026-4818)
Vulnerability from cvelistv5 – Published: 2026-03-31 14:53 – Updated: 2026-03-31 17:23
VLAI?
Title
Some management operations on data streams are not properly restricted when user does not have the necessary privileges
Summary
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
Severity ?
6.8 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard FLX |
Affected:
3.0.0 , ≤ 4.0.1
(semver)
|
Date Public ?
2026-03-31 10:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T17:23:12.638976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T17:23:23.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Search Guard FLX",
"vendor": "floragunn",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-31T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."
}
],
"value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:53:19.875Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"url": "https://search-guard.com/cve-advisory/"
},
{
"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Some management operations on data streams are not properly restricted when user does not have the necessary privileges",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2026-4818",
"datePublished": "2026-03-31T14:53:19.875Z",
"dateReserved": "2026-03-25T13:44:35.684Z",
"dateUpdated": "2026-03-31T17:23:23.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4799 (GCVE-0-2026-4799)
Vulnerability from cvelistv5 – Published: 2026-03-31 14:41 – Updated: 2026-03-31 17:20
VLAI?
Title
Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests
Summary
In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.
Severity ?
4.3 (Medium)
CWE
- CWE-601 - URL redirection to untrusted site ('open redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard FLX |
Affected:
1.0.0 , ≤ 4.0.1
(semver)
|
Date Public ?
2026-03-31 10:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T17:19:54.253854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T17:20:02.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Search Guard FLX",
"vendor": "floragunn",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-31T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."
}
],
"value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:41:05.646Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"url": "https://search-guard.com/cve-advisory/"
},
{
"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2026-4799",
"datePublished": "2026-03-31T14:41:05.646Z",
"dateReserved": "2026-03-25T08:43:23.387Z",
"dateUpdated": "2026-03-31T17:20:02.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-13422 (GCVE-0-2019-13422)
Vulnerability from cvelistv5 – Published: 2019-08-23 13:35 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard Kibana Plugin |
Affected:
unspecified , < 5.6.8-7
(custom)
Affected: unspecified , < 6.x.y-12 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard Kibana Plugin",
"vendor": "floragunn",
"versions": [
{
"lessThan": "5.6.8-7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "6.x.y-12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T13:35:03.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard Kibana Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.6.8-7"
},
{
"version_affected": "\u003c",
"version_value": "6.x.y-12"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13422",
"datePublished": "2019-08-23T13:35:03.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13423 (GCVE-0-2019-13423)
Vulnerability from cvelistv5 – Published: 2019-08-23 13:30 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time
Severity ?
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard Kibana Plugin |
Affected:
unspecified , < 5.6.8-7
(custom)
Affected: unspecified , < 6.x.y-12 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard Kibana Plugin",
"vendor": "floragunn",
"versions": [
{
"lessThan": "5.6.8-7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "6.x.y-12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T13:30:26.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard Kibana Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.6.8-7"
},
{
"version_affected": "\u003c",
"version_value": "6.x.y-12"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13423",
"datePublished": "2019-08-23T13:30:26.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13421 (GCVE-0-2019-13421)
Vulnerability from cvelistv5 – Published: 2019-08-23 13:26 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
Severity ?
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Affected:
unspecified , < 23.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This security vulnerability was found by Torsten Lutz and Oliver Streicher of SySS\nGmbH.\n\nE-Mail: torsten.lutz (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Torsten_Lutz.asc\nKey Fingerprint: DAB2 86A6 C099 1350 9FCB FB9B 94E8 DC24 BAEC ACC8\n\nE-Mail: oliver.streicher (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Oliver_Streicher.asc\nKey Fingerprint: 1973 E30F 7966 F45E CCAB 1BF1 3F08 A35E DCB8 35D6"
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T13:26:46.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "23.1"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This security vulnerability was found by Torsten Lutz and Oliver Streicher of SySS\nGmbH.\n\nE-Mail: torsten.lutz (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Torsten_Lutz.asc\nKey Fingerprint: DAB2 86A6 C099 1350 9FCB FB9B 94E8 DC24 BAEC ACC8\n\nE-Mail: oliver.streicher (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Oliver_Streicher.asc\nKey Fingerprint: 1973 E30F 7966 F45E CCAB 1BF1 3F08 A35E DCB8 35D6"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"
}
]
},
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13421",
"datePublished": "2019-08-23T13:26:46.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:25.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13415 (GCVE-0-2019-13415)
Vulnerability from cvelistv5 – Published: 2019-08-13 18:59 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
Severity ?
No CVSS data available.
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Affected:
before 24.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"status": "affected",
"version": "before 24.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T18:59:59.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_value": "before 24.3"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13415",
"datePublished": "2019-08-13T18:59:59.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:25.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13416 (GCVE-0-2019-13416)
Vulnerability from cvelistv5 – Published: 2019-08-13 18:58 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
Severity ?
No CVSS data available.
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Affected:
before 24.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"status": "affected",
"version": "before 24.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T18:58:45.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_value": "before 24.3"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13416",
"datePublished": "2019-08-13T18:58:45.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13419 (GCVE-0-2019-13419)
Vulnerability from cvelistv5 – Published: 2019-08-13 14:28 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
Severity ?
No CVSS data available.
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Affected:
unspecified , < 23.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T14:28:44.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "23.1"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13419",
"datePublished": "2019-08-13T14:28:44.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13420 (GCVE-0-2019-13420)
Vulnerability from cvelistv5 – Published: 2019-08-13 14:25 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
Severity ?
No CVSS data available.
CWE
- CWE-208 - Information Exposure Through Timing Discrepancy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Affected:
unspecified , < 21.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "21.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 21.0 had an timing side channel issue when using the internal user database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Information Exposure Through Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T14:25:43.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "21.0"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 21.0 had an timing side channel issue when using the internal user database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208: Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13420",
"datePublished": "2019-08-13T14:25:43.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13418 (GCVE-0-2019-13418)
Vulnerability from cvelistv5 – Published: 2019-08-12 21:12 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
Severity ?
No CVSS data available.
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Affected:
unspecified , < 24.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "24.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-12T21:12:11.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "24.0"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13418",
"datePublished": "2019-08-12T21:12:11.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13417 (GCVE-0-2019-13417)
Vulnerability from cvelistv5 – Published: 2019-08-12 20:51 – Updated: 2024-08-04 23:49
VLAI?
Summary
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| floragunn | Search Guard |
Affected:
unspecified , < 24.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Search Guard",
"vendor": "floragunn",
"versions": [
{
"lessThan": "24.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-12T20:51:23.000Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@search-guard.com",
"ID": "CVE-2019-13417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Guard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "24.0"
}
]
}
}
]
},
"vendor_name": "floragunn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search-guard.com/cve-advisory/",
"refsource": "MISC",
"url": "https://search-guard.com/cve-advisory/"
},
{
"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2019-13417",
"datePublished": "2019-08-12T20:51:23.000Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20698 (GCVE-0-2018-20698)
Vulnerability from cvelistv5 – Published: 2019-04-09 17:06 – Updated: 2024-08-05 12:05
VLAI?
Summary
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.search-guard.com/latest/changelog-kibana-6.x-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/floragunncom/search-guard-kibana-plugin/pull/140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T17:06:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.search-guard.com/latest/changelog-kibana-6.x-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/floragunncom/search-guard-kibana-plugin/pull/140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.search-guard.com/latest/changelog-kibana-6.x-16",
"refsource": "CONFIRM",
"url": "https://docs.search-guard.com/latest/changelog-kibana-6.x-16"
},
{
"name": "https://github.com/floragunncom/search-guard-kibana-plugin/pull/140",
"refsource": "CONFIRM",
"url": "https://github.com/floragunncom/search-guard-kibana-plugin/pull/140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20698",
"datePublished": "2019-04-09T17:06:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:05:17.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}