FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

textproc/elasticsearch6 -- field disclosure flaw

Affected packages
elasticsearch6 < 6.8.12

Details

VuXML ID fbca6863-e2ad-11ea-9d39-00a09858faf5
Discovery 2020-08-19
Entry 2020-08-20

Elastic reports:

A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

References

CVE Name CVE-2020-7019
URL https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456
URL https://github.com/elastic/elasticsearch/pull/39490