Search Guard versions prior to 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
search-guard search guard |