CVE – advisory

About Search Guard Security Advisories

An Search Guard Security Advisory (“SGSA”) is a notice from Search Guard/floragunn GmbH to its users of security issues with the Search Guard products. Search Guard/floragunn assigns both a CVE and an SGSA identifier to each advisory along with a summary and remediation and mitigation details.

For how to report a security issue please see Disclosure policy

(formerly SISG)
CVE Date
—- —- —- —- —- —-
SISG 9 2018-04-09

A Kibana user could impersonate as kibanaserver user when providing wrong credentials

Update Kibana Plugin 5.6.8-7 and Kibana Plugin 6.x-12 Guy Moller
SISG 8 2018-04-04

Redirect and XSS vulnerability in Kibana plugin

Update Kibana Plugin 5.6.8-7 and Kibana Plugin 6.x-12 Vineet Kumar
SISG 7 2017-08-10

DLS/FLS leaking information when multitenancy module is installed and “do not fail on forbidden” is activated

Update or deactivate “do not fail on forbidden” SG v15 Guy Moller
SISG 6 2017-02-13

FLS/DLS not working for regex index patterns

Update or avoid regex patterns SG v11 and DLS/FLS module v6 Guy Moller
SISG 5 2017-01-03

Auditlog does not log all security relevant events

Update SG v10 Guy Moller
SISG 4 2017-01-05

FLS/DLS not working for index patterns

Update SG v10 and DLS/FLS module v5 Matej Zerovnik
SISG 3 2016-11-27

Wrong permissions resolution for certain index/type combinations

Update SG v9 Lucas Bremgartner
SISG 2 2016-11-25

DLS not picked up when getting documents by ID#1

Update SG v9 and DLS/FLS module v5 Fabio Corneti
SISG 1 2016-07-28

Authentication cache lead to password hashcode vulnerability #186

Update SG v4 Vladimir Gordiychuk

Search Guard Security Information

pmeloCVE – advisory