{"containers": {"cna": {"affected": [{"product": "Search Guard", "vendor": "floragunn", "versions": [{"status": "affected", "version": "before 24.3"}]}], "descriptions": [{"lang": "en", "value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-13T18:58:45", "orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://search-guard.com/cve-advisory/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@search-guard.com", "ID": "CVE-2019-13416", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Search Guard", "version": {"version_data": [{"version_value": "before 24.3"}]}}]}, "vendor_name": "floragunn"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285: Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://search-guard.com/cve-advisory/", "refsource": "MISC", "url": "https://search-guard.com/cve-advisory/"}, {"name": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3", "refsource": "CONFIRM", "url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:49:24.948Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://search-guard.com/cve-advisory/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"}]}]}, "cveMetadata": {"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "assignerShortName": "floragunn", "cveId": "CVE-2019-13416", "datePublished": "2019-08-13T18:58:45", "dateReserved": "2019-07-08T00:00:00", "dateUpdated": "2024-08-04T23:49:24.948Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C6B3FE1-AB00-462F-B362-6F4CDA0139A6", "versionEndExcluding": "24.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."}, {"lang": "es", "value": "Search Guard versiones anteriores a la 24.3 ten\u00edan un problema cuando Cross Cluster Search (CCS) estaba habilitado, los usuarios autenticados siempre est\u00e1n autorizados en el cl\u00faster local ignorando sus roles en los cl\u00fasteres remotos."}], "id": "CVE-2019-13416", "lastModified": "2020-10-08T12:58:53.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-13T19:15:16.500", "references": [{"source": "security@search-guard.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3"}, {"source": "security@search-guard.com", "tags": ["Vendor Advisory"], "url": "https://search-guard.com/cve-advisory/"}], "sourceIdentifier": "security@search-guard.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "security@search-guard.com", "type": "Secondary"}]}

{"bugzilla": {"description": "search-guard: authenticated users ignoring their roles on the remote cluster", "id": "1758313", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758313"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-285", "details": ["Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)."], "name": "CVE-2019-13416", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Fix deferred", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "openshift3/ose-logging-elasticsearch5", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Fix deferred", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Fix deferred", "package_name": "search-guard", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-logging-elasticsearch5", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-08-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-13416\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13416"], "threat_severity": "Low"}