| ID |
CVE-2021-22147
|
| Summary |
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:elastic:elasticsearch:7.11.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.11.0:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.11.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.11.1:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.11.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.11.2:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.12.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.12.0:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.12.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.12.1:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.13.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.13.0:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.13.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.13.1:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.13.2:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.13.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.13.3:*:*:*:*:*:*:*
-
cpe:2.3:a:elastic:elasticsearch:7.13.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:elasticsearch:7.13.4:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 4.0 (as of 04-11-2022 - 18:27) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-862 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
SINGLE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| Last major update |
04-11-2022 - 18:27 |
| Published |
15-09-2021 - 12:15 |
| Last modified |
04-11-2022 - 18:27 |
