Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2019-7611

Published: 25/03/2019 Updated: 19/10/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Elastic

Vulnerability Summary

A permission issue was found in Elasticsearch versions prior to 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

elastic elasticsearch

Vendor Advisories

Red Hat: Important: Red Hat Decision Manager 7.7.0 Security Update
Synopsis Important: Red Hat Decision Manager 770 Security Update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Decision ManagerRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Moderate: Red Hat Process Automation Manager 7.7.0 Security Update
Synopsis Moderate: Red Hat Process Automation Manager 770 Security Update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...
Arch Linux Issues:
A permission issue was found in Elasticsearch when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used If the elasticsearchyml file has xpacksecuritydls_flsenabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make ...

References

NVD-CWE-Otherhttps://www.elastic.co/community/securityhttps://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2020:0899https://security.archlinux.org/CVE-2019-7611
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook