Attachment 217364 Details for Bug 248761 – textproc/elasticsearch6: Update to 6.8.12 vuxml entry

textproc/elasticsearch6: Update to 6.8.12 vuxml entry

textproc_elasticsearch6_6.8.12-vuln.xml (text/plain), 1.17 KB, created by Juraj Lutter on 2020-08-20 06:44:26 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Juraj Lutter

Created: 2020-08-20 06:44:26 UTC

Size: 1.17 KB

patch

obsolete

>  <vuln vid="fbca6863-e2ad-11ea-9d39-00a09858faf5">
>	  <topic>textproc/elasticsearch6 -- field disclosure flaw</topic>
>    <affects>
>      <package>
>	<name>elasticsearch6</name>
>	<range><lt>6.8.12</lt></range>
>      </package>
>    </affects>
>    <description>
>      <body xmlns="http://www.w3.org/1999/xhtml">
>	<p>Elastic reports:</p>
>	<blockquote cite="https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456">
>	<p>A field disclosure flaw was found in Elasticsearch when running
>	  a scrolling search with Field Level Security. If a user runs
>	  the same query another more privileged user recently ran,
>	  the scrolling search can leak fields that should be hidden.
>	  This could result in an attacker gaining additional permissions
>	  against a restricted index.</p>
>	</blockquote>
>      </body>
>    </description>
>    <references>
>      <cvename>CVE-2020-7019</cvename>
>      <url>https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456</url>
>      <url>https://github.com/elastic/elasticsearch/pull/39490</url>
>    </references>
>    <dates>
>      <discovery>2020-08-19</discovery>
>      <entry>2020-08-20</entry>
>    </dates>
>  </vuln>
>

Actions: View

Attachments on bug 248761: 217354 | 217364