CVE-2025-12149
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-14
Assigner: floragunn GmbH
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| search_guard | flx | 3.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Search Guard FLX versions 3.1.2 and earlier, where Document-Level Security (DLS) is supposed to restrict access to documents based on rules. However, when a search is triggered from a Signal's watch, the DLS rules are not enforced, allowing users to access all documents in the queried indices regardless of restrictions.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to all documents in the queried indices when searches are triggered from a Signal's watch, potentially exposing sensitive or restricted information to users who should not have access.