CVE-2020-7020

CVSS v3.1 3.1 (Low)
CVSS v2.0 3.5 (Low)
EPSS 0.07% (31st)

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

Weaknesses
CWE-269: Improper Privilege Management
CWE-270: Privilege Context Switching Error

CVE Status: PUBLISHED
CNA: Elastic
Published Date: 2020-10-22 17:15:12
Updated Date: 2022-06-03 18:56:29

Affected Products


Configuration #1

Product                                                   CPE23                            From       Up To
Elasticsearch prior 6.8.13 version                        cpe:2.3:a:elastic:elasticsearch  -          < 6.8.13
Elasticsearch from 7.0.0 version and prior 7.9.2 version  cpe:2.3:a:elastic:elasticsearch  >= 7.0.0   < 7.9.2