
CVE-2024-12539

Dec. 17, 2024, 9:15 p.m.

Product(s) Impacted

Elasticsearch

Description

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

Weaknesses

CWE-863
Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CWE ID: 863

Date

Published: Dec. 17, 2024, 9:15 p.m.

Last Modified: Dec. 17, 2024, 9:15 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

bressers@elastic.co

References

https://discuss.elastic.co/ bressers@elastic.co