CVE-2019-7611 log

Source
Severity High
Remote Yes
Type Privilege escalation
Description
A permission issue was found in Elasticsearch when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
Group Package Affected Fixed Severity Status Ticket
AVG-912 elasticsearch 6.6.0-1 6.6.1-1 High Fixed
Date Advisory Group Package Severity Description
25 Feb 2019 ASA-201902-27 AVG-912 elasticsearch High privilege escalation
References
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077