1758535 – (CVE-2019-13415) CVE-2019-13415 search-guard: authenticated users can gain read access to data they are not authorized to see

Bug 1758535 (CVE-2019-13415) - CVE-2019-13415 search-guard: authenticated users can gain read access to data they are not authorized to see

Summary: CVE-2019-13415 search-guard: authenticated users can gain read access to data...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-13415
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1760649 1760650 1760651 1760652 1760653 1760654 1760655
Blocks:	1758536
TreeView+	depends on / blocked

Reported:	2019-10-04 13:14 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-10-27 10:49 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-27 10:49:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2019-10-04 13:14:19 UTC

Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.

References:
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3
https://search-guard.com/cve-advisory/

Comment 1 Jason Shepherd 2019-10-09 04:53:59 UTC

Use of Cross Cluster Search is not supported in all versions of OpenShift.

Comment 2 Product Security DevOps Team 2019-10-09 06:51:07 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-13415

Note You need to log in before you can comment on or make changes to this bug.