Vulnerability: CVE-2020-7019

In Elasticsearch before 7.9.0 and 6.8.12, a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query that another, more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.


https://security.netapp.com/advisory/ntap-20200827-0001/
https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7019
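
An exposure check for the condition described above, added here as an example and not taken from the advisory or from Elastic: it decides whether a reported version is older than the fixed releases and lists the roles that actually hide fields with Field Level Security. The function names and the sample roles are hypothetical; the role layout is assumed to match the JSON returned by the security API's role listing (`GET /_security/role`), and releases older than 6.x are assumed to count as affected.

```python
import re

# Fixed releases named in the advisory: 6.8.12 (6.x line) and 7.9.0 (7.x line).
FIXED = {6: (6, 8, 12), 7: (7, 9, 0)}

def parse_version(text):
    """Parse 'X.Y.Z' from version.number; any suffix (e.g. -SNAPSHOT) is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version):
    v = parse_version(version)
    if v[0] >= 7:
        # 8.x and later have no entry in FIXED and are newer than both fixes.
        return v[0] == 7 and v < FIXED[7]
    # Assumption: releases older than 6.x are "before 6.8.12" and count as affected.
    return v < FIXED[6]

def fls_restricted_roles(roles):
    """Map role name -> index patterns where field_security hides at least one field."""
    found = {}
    for name, body in roles.items():
        for grant in body.get("indices", []):
            fs = grant.get("field_security") or {}
            # grant ["*"] with no "except" list restricts nothing, so it is skipped.
            if fs.get("except") or fs.get("grant", ["*"]) != ["*"]:
                found.setdefault(name, []).extend(grant.get("names", []))
    return found

def exposure(version, roles):
    """Roles whose hidden fields could leak via scroll on this version ({} if patched)."""
    return fls_restricted_roles(roles) if is_affected(version) else {}

# Constructed sample shaped like a role listing; not taken from a real cluster.
SAMPLE_ROLES = {
    "hr_full": {"indices": [{"names": ["employees-*"], "privileges": ["read"]}]},
    "hr_basic": {"indices": [{"names": ["employees-*"], "privileges": ["read"],
                              "field_security": {"grant": ["*"], "except": ["salary"]}}]},
    "audit": {"indices": [{"names": ["logs-*"], "privileges": ["read"],
                           "field_security": {"grant": ["*"]}}]},
    "support": {"indices": [{"names": ["tickets"], "privileges": ["read"],
                             "field_security": {"grant": ["id", "status"]}}]},
}

if __name__ == "__main__":
    for ver in ("6.8.11", "6.8.12", "7.8.1", "7.9.0"):
        print(ver, exposure(ver, SAMPLE_ROLES))
```

A non-empty result means the cluster both runs an affected release and relies on Field Level Security, which is the combination the advisory describes; upgrading to 6.8.12 or 7.9.0 clears it.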

