CVE-2021-22135
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-22135
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22135.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-22135
- Aliases
- Related
- Published
- 2021-05-13T18:15:08Z
- Modified
- 2025-02-19T03:17:16.699916Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/elastic/elasticsearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2
v1.*
v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1
v5.*
v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5
v6.*
v6.0.0-alpha1
v6.0.0-alpha2
v6.7.0
v6.7.1
v6.7.2
v6.8.0
v6.8.1
v6.8.10
v6.8.11
v6.8.12
v6.8.13
v6.8.14
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9