Field disclosure vulnerability in Elasticsearch - CVE-2020-7020 (dpkg)ID: oval:org.secpod.oval:def:66350 | Date: (C)2020-10-27 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Elasticsearch 6.x before 6.8.13 or 7.x before 7.9.2 and is prone to a field disclosure vulnerability. A flaw is present in the application, which fails to handle hidden Document or Field Level Security. Successful exploitation could allow attackers to know the existence of documents but not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.