Security Advisory

CVE-2024-23446

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-07 03:16:39

Last updated 2024-08-19 20:08:17

Assigner elastic

State PUBLISHED

Description

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.

← Browse all CVEs View on cve.org ↗