EIQ-2019-0014#

ID

EIQ-2019-0014

CVE

CVE-2019-7611

Description

Additional permissions on restricted index in Elasticsearch

Date

12 Mar 2019

Severity

3 - HIGH

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

✅ 2.3.4

Assessment

A permission issue was found in Elasticsearch when:

  • Field level security and document level security options are disabled, and

  • The following endpoints are used:

    • _aliases

    • _shrink

    • _split

If xpack.security.dls_fls.enabled is set to false in the elasticsearch.yml configuration file, when users perform one of the actions mentioned above certain permission checks are skipped to make existing data available under a new index/alias name.

This could result in an attacker gaining additional permissions against a restricted index.

Mitigation

Upgrade to Elasticsearch 5.6.15 or 6.6.1.

Affected versions

2.3.3 and earlier.

Notes

By default, xpack.security.dls_fls.enabled is set to true in the elasticsearch.yml configuration file.