CVE-2019-7611

Name of the Vulnerable Software and Affected Versions Elasticsearch versions prior to 5.6.15 Elasticsearch versions prior to 6.6.1

Description A permission issue was found when Field Level Security and Document Level Security are disabled and certain endpoints are used. If the elasticsearch.yml file has xpack.security.dls fls.enabled set to false, certain permission checks are skipped, potentially allowing an attacker to gain additional permissions against a restricted index. The issue arises when users perform actions involving the " aliases", " shrink", or " split" endpoints.

Recommendations For Elasticsearch versions prior to 5.6.15, update to version 5.6.15 or later to resolve the issue. For Elasticsearch versions prior to 6.6.1, update to version 6.6.1 or later to resolve the issue. As a temporary workaround, consider setting xpack.security.dls fls.enabled to true in the elasticsearch.yml file to enable Field Level Security and Document Level Security, and restrict access to the " aliases", " shrink", and " split" endpoints until a patch is applied.