CVE-2019-13417 - AskarLabs CVE Database

CVE-2019-13417

Vendor Floragunn

Product Search Guard

Weakness CWE-863 · Incorrect authorization

Published August 12, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.

Key dates

02Disclosure timeline

August 12, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-13417 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-28732 Slash command trigger-word update allowed command hijacking CVE-2024-38869 Incorrect Authorization CVE-2021-41189 Communities and collections administrators can escalate their privilege up to system administrator CVE-2026-54397 MISP event editing allows unauthorized assignment to undisclosed sharing groups CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass