Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-12539

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

Published

2024-12-17T21:15:07.183

Last Modified

2025-02-04T15:16:44.880

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	elasticsearch	< 8.16.2	Yes

References

https://discuss.elastic.co/t/elasticsearch-8-16-2-8-17-0-security-update/372091 Vendor Advisory ([email protected])