CVE-2019-13419

2019-08-13 17:15:11 2019-10-10 01:46:28

Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Search-guard Search guard 22.3 (not an official CPE) Search-guard Search guard 21.0 (not an official CPE) Search-guard Search guard 6.5.3-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.5.1-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.4.3-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.4.2-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.4.1-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.4.0-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.4.0-15 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.2-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.2-15 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.2-14 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.1-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.1-15 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.1-14 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.0-16 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.3.0-14 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.4-15 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.4-14 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.3-15 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.3-14 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.2-15 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.2-14 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.1-15 ~~~kibana~~ (not an official CPE) Search-guard Search guard 6.2.1-14 ~~~kibana~~ (not an official CPE) Search-guard Search guard - (not an official CPE) Search-guard Search guard 23.0 (not an official CPE)

Search-guard - Search guard

Advisory	Patch	Confirmed	Link
			https://docs.search-guard.com/6.x-23/changelog-searchgua...
			https://search-guard.com/cve-advisory/

Information Exposure (ID 200)

Related CAPEC 7 Subverting Environment Variable Values (CAPEC-ID 13) Footprinting (CAPEC-ID 169) Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22) Browser Fingerprinting (CAPEC-ID 472) Session Credential Falsification through Prediction (CAPEC-ID 59) Reusing Session IDs (aka Session Replay) (CAPEC-ID 60) Using Slashes in Alternate Encoding (CAPEC-ID 79)