CVE-2020-7019 is a vulnerability in Elasticsearch
Published on August 18, 2020
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.
Weakness Type
Privilege Context Switching Error
The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
Products Associated with CVE-2020-7019
Want to know whenever a new CVE is published for Elasticsearch? stack.watch will email you.
Affected Versions
Elasticsearch Version before 7.9.0 is affected by CVE-2020-7019Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.