CVE-2019-13417

medium

Description

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.

References

https://search-guard.com/cve-advisory/

https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0

Details

Source: Mitre, NVD

Published: 2019-08-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N