Search Guard versions before 23.1 had an issue that allowed an administrative user to retrieve the bcrypt password hashes of other users configured in the internal user database.
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
Search-guard Search guard 22.3 (not an official CPE)
Search-guard Search guard 21.0 (not an official CPE)
Search-guard Search guard 6.5.3-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.5.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.3-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.2-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.0-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.4.0-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.2-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.1-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.0-16 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.3.0-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.4-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.4-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.3-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.3-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.2-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.2-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.1-15 ~~~kibana~~ (not an official CPE)
Search-guard Search guard 6.2.1-14 ~~~kibana~~ (not an official CPE)
Search-guard Search guard - (not an official CPE)
Search-guard Search guard 23.0 (not an official CPE)
Information Exposure (ID 200)
Related CAPEC 7
Subverting Environment Variable Values (CAPEC-ID 13)
Footprinting (CAPEC-ID 169)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
Browser Fingerprinting (CAPEC-ID 472)
Session Credential Falsification through Prediction (CAPEC-ID 59)
Reusing Session IDs (aka Session Replay) (CAPEC-ID 60)
Using Slashes in Alternate Encoding (CAPEC-ID 79)