Vulnerability Description
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Search-Guard | Search Guard | < 24.3 |
Related Weaknesses (CWE)
References
- https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3Release NotesVendor Advisory
- https://search-guard.com/cve-advisory/Vendor Advisory
- https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3Release NotesVendor Advisory
- https://search-guard.com/cve-advisory/Vendor Advisory
FAQ
What is CVE-2019-13415?
CVE-2019-13415 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
How severe is CVE-2019-13415?
CVE-2019-13415 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13415?
Check the references section above for vendor advisories and patch information. Affected products include: Search-Guard Search Guard.