Search Guard FLX Privilege Escalation Vulnerability in Data Stream Management Operations

Vulnerability

A vulnerability exists in Search Guard FLX versions from 3.0.0 up to, but not including, 4.0.1, allowing users without the necessary privileges to perform certain management operations on data streams. This issue arises from inadequate access controls, which can be exploited to manipulate data stream management functions.

Impact

Exploitation of this vulnerability could lead to unauthorized users performing management operations on data streams, potentially disrupting data flow or causing data integrity issues.

Remediation

Users can upgrade to Search Guard FLX version 4.1.0, where this vulnerability has been fixed. If an immediate upgrade is not possible, the issue can be mitigated by adding 'indices:admin/data_stream/modify' to the 'searchguard.admin_only_indices' property in the 'elasticsearch.yml' configuration file.
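
A configuration check for the mitigation above, as an added example (not Search Guard's own code or tooling): it reports whether an elasticsearch.yml sets searchguard.admin_only_indices with the required entry, and ignores commented-out lines that a plain text search would count. It assumes the property takes a list, written as a flat dotted key or nested under searchguard:; the function names and sample files are constructed for illustration.

```python
import re

SETTING = "searchguard.admin_only_indices"     # property named in the advisory
REQUIRED = "indices:admin/data_stream/modify"  # entry the advisory says to add

def setting_values(yml_text, setting=SETTING):
    """Return the entries configured for `setting`, or None if it is unset.
    Assumes simple elasticsearch.yml syntax: flat dotted or nested keys,
    inline [a, b] or block '- a' lists, no '#' inside quoted values."""
    stack, values, collecting = [], None, False
    for raw in yml_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        body = line.strip()
        if not body:
            continue
        if body.startswith("- "):                       # block list item
            if collecting:
                values.append(body[2:].strip().strip("'\""))
            continue
        m = re.match(r"([\w.]+):(?:\s+(.*))?$", body)
        collecting = False
        if not m:
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:         # leave closed sections
            stack.pop()
        key, value = m.group(1), (m.group(2) or "").strip()
        if ".".join([k for _, k in stack] + [key]) == setting:
            items = value.strip("[]").split(",")
            values = [v.strip().strip("'\"") for v in items if v.strip()]
            collecting = not value                      # block list follows
        if not value:
            stack.append((indent, key))
    return values

def is_mitigated(yml_text):
    values = setting_values(yml_text)
    return values is not None and REQUIRED in values

# Constructed sample files (not taken from any real deployment).
FLAT = 'cluster.name: demo\nsearchguard.admin_only_indices: ["%s"]\n' % REQUIRED
NESTED = ("network:\n  host: 127.0.0.1\nsearchguard:\n"
          "  admin_only_indices:\n    - '%s'\n" % REQUIRED)
COMMENTED = "cluster.name: demo\n# " + FLAT.splitlines()[1] + "\n"

if __name__ == "__main__":
    for name, text in [("flat", FLAT), ("nested", NESTED), ("commented", COMMENTED)]:
        print(name, "mitigated" if is_mitigated(text) else "NOT mitigated")
```

Run it against every node's configuration file, since a node whose file lacks the entry is not covered by the mitigation.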

Added: Mar 31, 2026, 4:26 PM
Updated: Mar 31, 2026, 4:26 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.