漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Elasticsearch Incorrect Authorization
Vulnerability Description
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Elastic Elasticsearch 安全漏洞
Vulnerability Description
Elastic Elasticsearch是荷兰Elastic公司的一个基于Lucene库的搜索引擎。 Elastic Elasticsearch 8.16.0版本和8.16.1版本存在安全漏洞,该漏洞源于授权控制不当,允许恶意行为者绕过文档级别安全性,并访问其角色正常情况下不允许访问的文档。
CVSS Information
N/A
Vulnerability Type
N/A