Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2020-10-22T16:30:15

Updated: 2024-08-04T09:18:02.985Z

Reserved: 2020-01-14T00:00:00

Link: CVE-2020-7020

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-22T17:15:12.693

Modified: 2024-11-21T05:36:30.507

Link: CVE-2020-7020

cve-icon Redhat

Severity : Low

Publid Date: 2020-10-22T00:00:00Z

Links: CVE-2020-7020 - Bugzilla