Candidate: CVE-2020-7019
PublicDate: 2020-08-18 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7019
 https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456
Description:
 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found
 when running a scrolling search with Field Level Security. If a user runs
 the same query another more privileged user recently ran, the scrolling
 search can leak fields that should be hidden. This could result in an
 attacker gaining additional permissions against a restricted index.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]

Patches_elasticsearch:
upstream_elasticsearch: needs-triage
precise/esm_elasticsearch: DNE
trusty_elasticsearch: ignored (out of standard support)
trusty/esm_elasticsearch: DNE
xenial_elasticsearch: ignored (end of standard support, was needs-triage)
bionic_elasticsearch: DNE
focal_elasticsearch: DNE
groovy_elasticsearch: DNE
hirsute_elasticsearch: DNE
impish_elasticsearch: DNE
jammy_elasticsearch: DNE
devel_elasticsearch: DNE