admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-13417.md
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

18 lines
721 B
Markdown
Raw Blame History

### [CVE-2019-13417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13417)
![](https://img.shields.io/static/v1?label=Product&message=Search%20Guard&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2024.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%3A%20Incorrect%20Authorization&color=brighgreen)
### Description
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
### POC
#### Reference
- https://search-guard.com/cve-advisory/
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink