1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-62WW-4P3P-7FHJ

[MAVEN:GHSA-62WW-4P3P-7FHJ] API information disclosure flaw in Elasticsearch

Severity Moderate
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.

Package Affected Version
pkg:maven/org.elasticsearch/elasticsearch < 6.8.15
pkg:maven/org.elasticsearch/elasticsearch >= 7.0.0, < 7.11.2
Package Fixed Version
pkg:maven/org.elasticsearch/elasticsearch = 6.8.15
pkg:maven/org.elasticsearch/elasticsearch = 7.11.2
ID
MAVEN:GHSA-62WW-4P3P-7FHJ
Severity
moderate
URL
https://github.com/advisories/GHSA-62ww-4p3p-7fhj
Published
2021-07-02T18:33:02
(3 years ago)
Modified
2023-02-01T05:05:33
(19 months ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.elasticsearch/elasticsearch org.elasticsearch elasticsearch < 6.8.15
Fixed pkg:maven/org.elasticsearch/elasticsearch org.elasticsearch elasticsearch = 6.8.15
Affected pkg:maven/org.elasticsearch/elasticsearch org.elasticsearch elasticsearch >= 7.0.0 < 7.11.2
Fixed pkg:maven/org.elasticsearch/elasticsearch org.elasticsearch elasticsearch = 7.11.2
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date