FKIE_CVE-2019-7611

Vulnerability from fkie_nvd - Published: 2019-03-25 19:29 - Updated: 2024-11-21 04:48
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
References
security@elastic.cohttps://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077Vendor Advisory
security@elastic.cohttps://www.elastic.co/community/securityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.elastic.co/community/securityVendor Advisory
Impacted products
Vendor Product Version
elastic elasticsearch *
elastic elasticsearch *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE497C38-A3FA-4035-B170-5C58AAC425AE",
              "versionEndExcluding": "5.6.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFDDB30B-F1F5-4D7F-A7AA-8335B15FA9E8",
              "versionEndExcluding": "6.6.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un problema de permiso en versiones anteriores a las 5.6.15 y 6.6.1 de Elasticsearch cuando se encuentran deshabilitados Field Level Security y Document Level Security, y se utilizan los endpoints _aliases, _shrink o _split. Si el archivo elasticsearch.yml tiene la opci\u00f3n xpack.security.dls_fls.enabled configurada en \u2018\u2018false\u2019\u2019, se omiten ciertas comprobaciones de permiso cuando los usuarios ejecutan una de las acciones mencionadas anteriormente, para hacer que los datos existentes sean disponibles bajo un nuevo alias o nombre de \u00edndice. Esto podr\u00eda resultar en que un atacante logre permisos adicionales en un \u00edndice restringido."
    }
  ],
  "id": "CVE-2019-7611",
  "lastModified": "2024-11-21T04:48:23.933",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-25T19:29:02.257",
  "references": [
    {
      "source": "security@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
    },
    {
      "source": "security@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "sourceIdentifier": "security@elastic.co",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "security@elastic.co",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.