CVE-2019-7611 log

Severity High
Remote Yes
Type Privilege escalation
A permission issue was found in Elasticsearch when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
Group Package Affected Fixed Severity Status Ticket
AVG-912 elasticsearch 6.6.0-1 6.6.1-1 High Fixed
Date Advisory Group Package Severity Type
25 Feb 2019 ASA-201902-27 AVG-912 elasticsearch High privilege escalation