CVE-2019-13418

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Search Guard versions prior to 24.0

Description The issue concerns the improper anonymization of string array values in documents. This affects the confidentiality of the data, as sensitive information may not be properly protected.

Recommendations For versions prior to 24.0, update to version 24.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive documents until the update can be applied.

Fix

Improper Validation of Array Index

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129CWE-311

Related Identifiers

CVE-2019-13418

Affected Products

Search Guard

CVE-2019-13418

Weakness Enumeration

Related Identifiers

Affected Products

References · 5