EIQ-2019-0014



ID

EIQ-2019-0014

CVE

CVE-2019-7611

Description

Additional permissions on restricted index in Elasticsearch

Date

12 Mar 2019

Severity

3 - HIGH

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/check.svg 2.3.4

Assessment

A permission issue was found in Elasticsearch when:

  • Field level security and document level security options are disabled, and

  • The following endpoints are used:

    • _aliases

    • _shrink

    • _split .

If xpack.security.dls_fls.enabled is set to false in the elasticsearch.yml configuration file, when users perform one of the actions mentioned above certain permission checks are skipped to make existing data available under a new index/alias name.
This could result in an attacker gaining additional permissions against a restricted index.

Mitigation

Upgrade to Elasticsearch 5.6.15 or 6.6.1.

Affected versions

2.3.3 and earlier.

Notes

By default, xpack.security.dls_fls.enabled is set to true in the elasticsearch.yml configuration file.

< Back to all security issues and mitigation actions

In release notes 2.3.4