An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.
History
Wed, 18 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Tue, 17 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Dec 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow. | |
Title | Elasticsearch Incorrect Authorization | |
Weaknesses | CWE-863 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2024-12-17T20:50:04.968Z
Updated: 2024-12-17T21:23:57.366Z
Reserved: 2024-12-11T20:10:08.792Z
Link: CVE-2024-12539
Vulnrichment
Updated: 2024-12-17T21:23:53.241Z
NVD
Status: Received
Published: 2024-12-17T21:15:07.183
Modified: 2024-12-17T21:15:07.183
Link: CVE-2024-12539