https://bugzilla.redhat.com/show_bug.cgi?id=1696034
Bug ID: 1696034 Summary: CVE-2019-7611 elasticsearch: Improper permission issue when attaching a new name to an index Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190219,reported=20190219,sour ce=cve,cvss3=6.8/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/ I:H/A:N,cwe=CWE-285,openshift-enterprise-3.11/elastics earch=new,openshift-enterprise-3.10/elasticsearch=new, openshift-enterprise-3.9/elasticsearch=new,openshift-e nterprise-3.7/elasticsearch=new,openshift-enterprise-3 .6/elasticsearch=new,openshift-enterprise-3.1/elastics earch=new,openshift-enterprise-3.0/elasticsearch=new,o penstack-8-optools/elasticsearch=new,openshift-enterpr ise-3.5/elasticsearch=new,openshift-enterprise-3.4/ela sticsearch=new,openshift-enterprise-3.3/elasticsearch= new,openshift-enterprise-3.2/elasticsearch=new,opensta ck-9-optools/elasticsearch=new,fedora-all/elasticsearc h=affected,sam-1/elasticsearch=new,fuse-7/elasticsearc h=new,rhdm-7/elasticsearch=new,fuse-6/elasticsearch=ne w,rhpam-7/elasticsearch=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: psampaio@redhat.com CC: ahardin@redhat.com, alazarot@redhat.com, anstephe@redhat.com, bkearney@redhat.com, bleanhar@redhat.com, bobjensen@gmail.com, cbillett@redhat.com, ccoleman@redhat.com, chazlett@redhat.com, dbecker@redhat.com, dedgar@redhat.com, emmanuel@seyman.fr, eparis@redhat.com, etirelli@redhat.com, ibek@redhat.com, java-sig-commits@lists.fedoraproject.org, jgoulding@redhat.com, jjoyce@redhat.com, jokerman@redhat.com, jschluet@redhat.com, jvanek@redhat.com, kbasil@redhat.com, krathod@redhat.com, kverlaen@redhat.com, lhh@redhat.com, lpeer@redhat.com, lpetrovi@redhat.com, mburns@redhat.com, mchappel@redhat.com, mmagr@redhat.com, pahan@hubbitus.info, paradhya@redhat.com, rrajasek@redhat.com, rsynek@redhat.com, rzhang@redhat.com, sclewis@redhat.com, sdaley@redhat.com, slinaber@redhat.com, tomckay@redhat.com, zbyszek@in.waw.pl Target Milestone: --- Classification: Other
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
References:
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/...