Information Disclosure Affecting org.elasticsearch.plugin:x-pack package, versions [7.0.0,7.9.0) [6.0.0,6.8.12)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
20 Aug 2020
18 Aug 2020
How to fix?
org.elasticsearch.plugin:x-pack to version 7.9.0, 6.8.12 or higher.
org.elasticsearch.plugin:x-pack is an Elasticsearch Expanded Pack Plugin
Affected versions of this package are vulnerable to Information Disclosure. A field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.