CVE-2020-7020 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-7020 Interim 1 10 2025-02-17T01:37:40Z current 2021-05-30T14:37:23Z 2025-02-17T01:37:40Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-7020 Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 elasticsearch elasticsearch as a component of HPE Helion OpenStack 8 elasticsearch as a component of SUSE OpenStack Cloud 8 elasticsearch as a component of SUSE OpenStack Cloud 9 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 8 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 9 Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. CVE-2020-7020 HPE Helion OpenStack 8:elasticsearch SUSE OpenStack Cloud 8:elasticsearch SUSE OpenStack Cloud 9:elasticsearch SUSE OpenStack Cloud Crowbar 8:elasticsearch SUSE OpenStack Cloud Crowbar 9:elasticsearch low 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N