CVE-2019-7611 - OpenCVE

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Elastic	Elasticsearch

Configuration 1 [-]

OR	cpe:2.3:a:elastic:elasticsearch::::::::
	cpe:2.3:a:elastic:elasticsearch::::::::

References

Link	Resource
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077	Vendor Advisory
https://www.elastic.co/community/security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: elastic

Published: 2019-03-25T18:34:06

Updated: 2019-03-25T18:34:06

Reserved: 2019-02-07T00:00:00

Link: CVE-2019-7611

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-25T19:29:02.257

Modified: 2020-10-19T18:10:07.320

Link: CVE-2019-7611

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Elasticsearch", "vendor": "Elastic", "versions": [{"status": "affected", "version": "before 5.6.15 and 6.6.1"}]}], "descriptions": [{"lang": "en", "value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-25T18:34:06", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"}, {"tags": ["x_refsource_MISC"], "url": "https://www.elastic.co/community/security"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2019-7611", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Elasticsearch", "version": {"version_data": [{"version_value": "before 5.6.15 and 6.6.1"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284: Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"}, {"name": "https://www.elastic.co/community/security", "refsource": "MISC", "url": "https://www.elastic.co/community/security"}]}}}}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2019-7611", "datePublished": "2019-03-25T18:34:06", "dateReserved": "2019-02-07T00:00:00", "dateUpdated": "2019-03-25T18:34:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE497C38-A3FA-4035-B170-5C58AAC425AE", "versionEndExcluding": "5.6.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFDDB30B-F1F5-4D7F-A7AA-8335B15FA9E8", "versionEndExcluding": "6.6.1", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index."}, {"lang": "es", "value": "Se ha encontrado un problema de permiso en versiones anteriores a las 5.6.15 y 6.6.1 de Elasticsearch cuando se encuentran deshabilitados Field Level Security y Document Level Security, y se utilizan los endpoints _aliases, _shrink o _split. Si el archivo elasticsearch.yml tiene la opci\u00f3n xpack.security.dls_fls.enabled configurada en \u2018\u2018false\u2019\u2019, se omiten ciertas comprobaciones de permiso cuando los usuarios ejecutan una de las acciones mencionadas anteriormente, para hacer que los datos existentes sean disponibles bajo un nuevo alias o nombre de \u00edndice. Esto podr\u00eda resultar en que un atacante logre permisos adicionales en un \u00edndice restringido."}], "id": "CVE-2019-7611", "lastModified": "2020-10-19T18:10:07.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-25T19:29:02.257", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "bressers@elastic.co", "type": "Secondary"}]}