ID CVE-2021-22147
Summary Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
References
Vulnerable Configurations
  • cpe:2.3:a:elastic:elasticsearch:7.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:elastic:elasticsearch:7.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:elasticsearch:7.13.4:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 04-11-2022 - 18:27)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
Last major update 04-11-2022 - 18:27
Published 15-09-2021 - 12:15
Last modified 04-11-2022 - 18:27
Back to Top