Search Guard versions before 21.0 had a timing side channel issue when using the internal user database.
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
NETWORK | MEDIUM | NONE | PARTIAL | NONE | NONE |
Search-guard Search guard 6.5.3-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.5.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.3-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.2-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.0-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.0-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.0-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.0-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.4-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.4-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.3-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.3-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.2-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.2-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.1-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.1-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard - (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://docs.search-guard.com/6.x-21/changelog-searchgua... | |||
https://search-guard.com/cve-advisory/ | |||
Information Exposure (ID 200)
Related CAPEC 7
Subverting Environment Variable Values (CAPEC-ID 13)
Footprinting (CAPEC-ID 169)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
Browser Fingerprinting (CAPEC-ID 472)
Session Credential Falsification through Prediction (CAPEC-ID 59)
Reusing Session IDs (aka Session Replay) (CAPEC-ID 60)
Using Slashes in Alternate Encoding (CAPEC-ID 79)