BIT-elasticsearch-2021-22147

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/elasticsearch/BIT-elasticsearch-2021-22147.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-elasticsearch-2021-22147

Aliases

CVE-2021-22147
GHSA-45h5-r968-5xr7

Published

2024-03-06T10:52:52.691Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Database specific

{
    "cpes": [
        "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/

Affected packages

Bitnami / elasticsearch

Package

Name: elasticsearch
Purl: pkg:bitnami/elasticsearch

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.11.0

Fixed

7.14.0