CVE-2020-7020

LOW Year: 2020
CVSS v3 Score
3.1
Low
CVSS v2 Score
3.5
Low
Weakness Type
CWE-270
View all →

Vulnerability Description

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

Related Vulnerabilities

CVE-2023-25754

CRITICAL
CVSS:9.8(Critical)

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.

CWE-2702023

CVE-2023-37912

HIGH
CVSS:8.8(High)

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` a...

CWE-2702023

CVE-2024-36513

HIGH
CVSS:8.8(High)

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their...

CWE-2702024

CVE-2024-8641

HIGH
CVSS:8.8(High)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attac...

CWE-2702024

CVE-2024-11263

HIGH
CVSS:8.4(High)

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesse...

CWE-2702024

CVE-2024-46975

HIGH
CVSS:7.9(High)

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory.

CWE-2702024