An issue was discovered by Elastic, whereby the Detection...
Moderate severity
Unreviewed
Published
Feb 7, 2024
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
Feb 7, 2024
Published to the GitHub Advisory Database
Feb 7, 2024
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.
References