Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE
Search-guard Search guard 22.3 (not an official CPE)
Search-guard Search guard 21.0 (not an official CPE)
Search-guard Search guard 6.5.3-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.5.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.3-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.2-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.0-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.0-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.0-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.0-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.4-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.4-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.3-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.3-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.2-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.2-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.1-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.1-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard - (not an official CPE)
Search-guard Search guard 23.0 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://docs.search-guard.com/6.x-23/changelog-searchgua... | |||
https://search-guard.com/cve-advisory/ |
Information Exposure (ID 200)
Related CAPEC 7
Subverting Environment Variable Values (CAPEC-ID 13)
Footprinting (CAPEC-ID 169)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
Browser Fingerprinting (CAPEC-ID 472)
Session Credential Falsification through Prediction (CAPEC-ID 59)
Reusing Session IDs (aka Session Replay) (CAPEC-ID 60)
Using Slashes in Alternate Encoding (CAPEC-ID 79)