Vulnerability Details CVE-2019-13417
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2019-13417
-
cpe:2.3:a:search-guard:search_guard:-
-
cpe:2.3:a:search-guard:search_guard:1
-
cpe:2.3:a:search-guard:search_guard:21.0
-
cpe:2.3:a:search-guard:search_guard:22.3
-
cpe:2.3:a:search-guard:search_guard:23.0
-
cpe:2.3:a:search-guard:search_guard:23.1
-
cpe:2.3:a:search-guard:search_guard:23.2
-
cpe:2.3:a:search-guard:search_guard:4.6.0-1
-
cpe:2.3:a:search-guard:search_guard:4.6.0-2
-
cpe:2.3:a:search-guard:search_guard:5.0.2-1
-
cpe:2.3:a:search-guard:search_guard:5.0.2-2
-
cpe:2.3:a:search-guard:search_guard:5.1.1-1
-
cpe:2.3:a:search-guard:search_guard:5.1.1-2
-
cpe:2.3:a:search-guard:search_guard:5.1.2-1
-
cpe:2.3:a:search-guard:search_guard:5.1.2-2
-
cpe:2.3:a:search-guard:search_guard:5.2.0-1
-
cpe:2.3:a:search-guard:search_guard:5.2.0-2
-
cpe:2.3:a:search-guard:search_guard:5.2.0-3
-
cpe:2.3:a:search-guard:search_guard:5.2.1-1
-
cpe:2.3:a:search-guard:search_guard:5.2.1-2
-
cpe:2.3:a:search-guard:search_guard:5.2.1-3
-
cpe:2.3:a:search-guard:search_guard:5.2.2
-
cpe:2.3:a:search-guard:search_guard:5.2.2-1
-
cpe:2.3:a:search-guard:search_guard:5.2.2-2
-
cpe:2.3:a:search-guard:search_guard:5.2.2-3
-
cpe:2.3:a:search-guard:search_guard:5.3.0-1
-
cpe:2.3:a:search-guard:search_guard:5.3.0-2
-
cpe:2.3:a:search-guard:search_guard:5.3.0-3
-
cpe:2.3:a:search-guard:search_guard:5.3.1-2
-
cpe:2.3:a:search-guard:search_guard:5.3.1-3
-
cpe:2.3:a:search-guard:search_guard:5.3.2-2
-
cpe:2.3:a:search-guard:search_guard:5.3.2-3
-
cpe:2.3:a:search-guard:search_guard:5.3.3-3
-
cpe:2.3:a:search-guard:search_guard:5.4.0
-
cpe:2.3:a:search-guard:search_guard:5.4.0-3
-
cpe:2.3:a:search-guard:search_guard:5.4.0-4
-
cpe:2.3:a:search-guard:search_guard:5.4.1-3
-
cpe:2.3:a:search-guard:search_guard:5.4.1-4
-
cpe:2.3:a:search-guard:search_guard:5.4.2-3
-
cpe:2.3:a:search-guard:search_guard:5.4.2-4
-
cpe:2.3:a:search-guard:search_guard:5.4.3
-
cpe:2.3:a:search-guard:search_guard:5.4.3-3
-
cpe:2.3:a:search-guard:search_guard:5.4.3-4
-
cpe:2.3:a:search-guard:search_guard:5.5.0-3
-
cpe:2.3:a:search-guard:search_guard:5.5.0-4
-
cpe:2.3:a:search-guard:search_guard:5.5.1-3
-
cpe:2.3:a:search-guard:search_guard:5.5.1-4
-
cpe:2.3:a:search-guard:search_guard:5.5.2-4
-
cpe:2.3:a:search-guard:search_guard:5.5.3-4
-
cpe:2.3:a:search-guard:search_guard:5.6.0-4
-
cpe:2.3:a:search-guard:search_guard:5.6.0-5
-
cpe:2.3:a:search-guard:search_guard:5.6.2-4
-
cpe:2.3:a:search-guard:search_guard:5.6.2-5
-
cpe:2.3:a:search-guard:search_guard:5.6.3-4
-
cpe:2.3:a:search-guard:search_guard:5.6.3-5
-
cpe:2.3:a:search-guard:search_guard:5.6.4-5
-
cpe:2.3:a:search-guard:search_guard:5.6.5-5
-
cpe:2.3:a:search-guard:search_guard:5.6.6-5
-
cpe:2.3:a:search-guard:search_guard:5.6.7-6
-
cpe:2.3:a:search-guard:search_guard:5.6.8-6
-
cpe:2.3:a:search-guard:search_guard:5.6.8-7
-
cpe:2.3:a:search-guard:search_guard:6.1.0-10
-
cpe:2.3:a:search-guard:search_guard:6.1.0-8
-
cpe:2.3:a:search-guard:search_guard:6.1.1-10
-
cpe:2.3:a:search-guard:search_guard:6.1.1-12
-
cpe:2.3:a:search-guard:search_guard:6.1.1-9
-
cpe:2.3:a:search-guard:search_guard:6.1.2-10
-
cpe:2.3:a:search-guard:search_guard:6.1.2-12
-
cpe:2.3:a:search-guard:search_guard:6.1.2-9
-
cpe:2.3:a:search-guard:search_guard:6.1.3-10
-
cpe:2.3:a:search-guard:search_guard:6.1.3-12
-
cpe:2.3:a:search-guard:search_guard:6.1.3-9
-
cpe:2.3:a:search-guard:search_guard:6.1.4-12
-
cpe:2.3:a:search-guard:search_guard:6.2.1-10
-
cpe:2.3:a:search-guard:search_guard:6.2.1-12
-
cpe:2.3:a:search-guard:search_guard:6.2.1-14
-
cpe:2.3:a:search-guard:search_guard:6.2.1-15
-
cpe:2.3:a:search-guard:search_guard:6.2.2-10
-
cpe:2.3:a:search-guard:search_guard:6.2.2-12
-
cpe:2.3:a:search-guard:search_guard:6.2.2-14
-
cpe:2.3:a:search-guard:search_guard:6.2.2-15
-
cpe:2.3:a:search-guard:search_guard:6.2.3-12
-
cpe:2.3:a:search-guard:search_guard:6.2.3-14
-
cpe:2.3:a:search-guard:search_guard:6.2.3-15
-
cpe:2.3:a:search-guard:search_guard:6.2.4-14
-
cpe:2.3:a:search-guard:search_guard:6.2.4-15
-
cpe:2.3:a:search-guard:search_guard:6.3.0-14
-
cpe:2.3:a:search-guard:search_guard:6.3.0-16
-
cpe:2.3:a:search-guard:search_guard:6.3.1-14
-
cpe:2.3:a:search-guard:search_guard:6.3.1-15
-
cpe:2.3:a:search-guard:search_guard:6.3.1-16
-
cpe:2.3:a:search-guard:search_guard:6.3.2-14
-
cpe:2.3:a:search-guard:search_guard:6.3.2-15
-
cpe:2.3:a:search-guard:search_guard:6.3.2-16
-
cpe:2.3:a:search-guard:search_guard:6.4.0-15
-
cpe:2.3:a:search-guard:search_guard:6.4.0-16
-
cpe:2.3:a:search-guard:search_guard:6.4.1-16
-
cpe:2.3:a:search-guard:search_guard:6.4.2-16
-
cpe:2.3:a:search-guard:search_guard:6.4.3-16
-
cpe:2.3:a:search-guard:search_guard:6.5.1-16
-
cpe:2.3:a:search-guard:search_guard:6.5.3-16