Headline
CVE-2019-13418: CVE - advisory - Search Guard
Search Guard versions before 24.0 had an issue where values of string arrays in documents were not properly anonymized.
| ID | CVE | Date | Description | Mitigation | Fixed in | Reported by |
|---|---|---|---|---|---|---|
| SGSA 16 | | 2019-03-19 | When Cross Cluster Search (CCS) is enabled, authenticated users can gain read access to data they are not authorized to see | Update | 6.x-24.3 | floragunn |
| SGSA 15 | | 2018-12-13 | Field caps and mapping API leak field names (not values) for fields which are not allowed for the user because FLS was activated | Update | 6.x-24.0 | floragunn |
| SGSA 14 | | 2018-12-13 | Values of string arrays in data are not properly anonymized | Update | 6.x-24.0 | floragunn |
| SGSA 13 | | 2018-03-19 | Possible URL injection on login page when basePath is set | Update | Kibana plugin 6.x-16 | floragunn |
| SGSA 12 | | 2018-08-24 | REST API leak password hashes (not cleartext) for users endpoint | Update | 6.x-23.1 | Thorsten Lutz, SySS GmbH |
| SGSA 11 | | 2018-09-14 | For aggregations, clear text values of anonymised fields were leaked | Update | 6.x-23.1 | floragunn |
| SGSA 10 | | 2018-01-18 | Password dependent timing side channel in AuthCredentials | Update | 6.x-21.0 | @madblobfish |
| SGSA 9 | | 2018-04-09 | A Kibana user could impersonate as kibanaserver user when providing wrong credentials | Update | Kibana Plugin 5.6.8-7 and Kibana Plugin 6.x-12 | Guy Moller |
| SGSA 8 | | 2018-04-04 | Redirect and XSS vulnerability in Kibana plugin | Update | Kibana Plugin 5.6.8-7 and Kibana Plugin 6.x-12 | Vineet Kumar |
| SGSA 7 | n/a | 2017-08-10 | DLS/FLS leaking information when multitenancy module is installed and “do not fail on forbidden” is activated | Update or deactivate “do not fail on forbidden” | SG v15 | Guy Moller |
| SGSA 6 | n/a | 2017-02-13 | FLS/DLS not working for regex index patterns | Update or avoid regex patterns | SG v11 and DLS/FLS module v6 | Guy Moller |
| SGSA 5 | n/a | 2017-01-13 | Auditlog does not log all security relevant events | Update | SG V10 | Guy Moller |
| SGSA 4 | n/a | 2017-01-05 | FLS/DLS not working for index patterns | Update | SG v10 and DLS/FLS module v5 | Matej Zerovnik |
| SGSA 3 | n/a | 2016-11-27 | Wrong permissions resolution for certain index/type combinations | Update | 6.x-23.1 | Lucas Bremgartner |
| SGSA 2 | n/a | 2016-11-25 | DLS not picked up when getting documents by ID | Update | SG v9 and DLS/FLS module v5 | Fabio Corneti |
| SGSA 1 | n/a | 2016-07-28 | Authentication cache lead to password hashcode vulnerability | Update | SG V4 | Vladimir Gordiychuk |