From 15bdf2b27fa195c07de34f62925defe8fda2f3e7 Mon Sep 17 00:00:00 2001 From: floragunn Date: Sat, 3 Aug 2019 16:35:00 +0200 Subject: [PATCH] CVE-2019-13415 --- 2019/13xxx/CVE-2019-13415.json | 67 ++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 2019/13xxx/CVE-2019-13415.json diff --git a/2019/13xxx/CVE-2019-13415.json b/2019/13xxx/CVE-2019-13415.json new file mode 100644 index 00000000000..ca9f1e644ad --- /dev/null +++ b/2019/13xxx/CVE-2019-13415.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@search-guard.com", + "ID": "CVE-2019-13415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "floragunn", + "product": { + "product_data": [ + { + "product_name": "Search Guard", + "version": { + "version_data": [ + { + "version_value": "before 24.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://search-guard.com/cve-advisory/", + "refsource": "MISC", + "name": "https://search-guard.com/cve-advisory/" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3", + "name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Search Guard versions before 24.3 had an issue than, when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see." + } + ] + } +} \ No newline at end of file