CVE-2024-12539

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-12539

Severity

6.5

Medium

CVSS V3

Description

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

References

https://images.chainguard.dev/security/CGA-3pg7-7wqx-48xh
https://github.com/advisories/GHSA-5mpw-4546-2wcr
https://images.chainguard.dev/security/CGA-698h-fmm6-vj85
https://images.chainguard.dev/security/CGA-6wjx-rfwc-3h26
https://images.chainguard.dev/security/CGA-qvm4-3c6g-4jg6
https://discuss.elastic.co/t/elasticsearch-8-16-2-8-17-0-security-update/372091

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-12539

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company