VDB
CVE-2020-7020
CVE-2020-7020
PUBLISHED
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
EPSS 0.08% · 23.0th percentile
Risk Scores
EPSS Score
0.08%
23.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | elasticsearch | 7.0.0, 0 |
| Bitnami | elasticsearch | 0, 7.0.0, 7.0.0 |
Exploit Intelligence
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
- suppressions_cve.xml (github-poc)
Timeline
- Oct 22, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033 url
- https://security.netapp.com/advisory/ntap-20201123-0001/ url
- https://staging-website.elastic.co/community/security/ url
- https://nvd.nist.gov/vuln/detail/CVE-2020-7020 url
- Multiples vulnérabilités dans les produits Juniper Networks advisory