CVE-2024-12539

Name of the Vulnerable Software and Affected Versions Elasticsearch (affected versions not specified)

Description The issue is related to improper authorization controls affecting certain queries in Elasticsearch. This could allow a malicious actor to circumvent Document Level Security and obtain access to documents that their roles would normally not allow. The vulnerability is related to incorrect authorization, which may enable a remote attacker to access protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.