CVE-2021-22137
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-22137
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22137.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-22137
- Aliases
- Related
- Published
- 2021-05-13T18:15:09Z
- Modified
- 2025-02-19T03:17:36.076121Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/elastic/elasticsearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2
v1.*
v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1
v5.*
v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5
v6.*
v6.0.0-alpha1
v6.0.0-alpha2
v6.7.0
v6.7.1
v6.7.2
v6.8.0
v6.8.1
v6.8.10
v6.8.11
v6.8.12
v6.8.13
v6.8.14
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9