1870346 – (CVE-2020-7019) CVE-2020-7019 elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass

Bug 1870346 (CVE-2020-7019) - CVE-2020-7019 elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass

Summary: CVE-2020-7019 elasticsearch: scrolling search can leak fields that should be ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-7019
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1870347 1870348 1870349
Blocks:	1870351
TreeView+	depends on / blocked

Reported:	2020-08-19 20:28 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-02-16 19:27 UTC (History)
CC List:	45 users (show)
Fixed In Version:	elasticsearch 7.9.0, elasticsearch 6.8.12
Clone Of:
Environment:
Last Closed:	2020-08-24 21:15:21 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-08-19 20:28:25 UTC

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

Reference:
https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456

Comment 1 Guilherme de Almeida Suckevicz 2020-08-19 20:28:55 UTC

Created python-elasticsearch tracking bugs for this issue:

Affects: epel-all [bug 1870347]
Affects: fedora-all [bug 1870349]
Affects: openstack-rdo [bug 1870348]

Comment 4 Przemyslaw Roguski 2020-08-24 16:02:04 UTC

External References:

https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456
https://www.elastic.co/community/security/

Comment 6 Product Security DevOps Team 2020-08-24 21:15:21 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-7019

Note You need to log in before you can comment on or make changes to this bug.

aileenc
akoufoud
alazarot
almorale
anstephe
aos-bugs
apevec
bmontgom
chazlett
dbecker
dbruno
drieden
eparis
etirelli
ggaughan
gmalinko
ibek
janstey
jburrell
jcantril
jjoyce
jochrist
jokerman
jschluet
jstastny
jtfas90
jwon
kbasil
krathod
kverlaen
lhh
lpeer
mburns
mnovotny
nstielau
paradhya
piotr1212
pjindal
rrajasek
rsynek
sclewis
sdaley
slinaber
sponnaga
steve.traylen