CVE-2021-22142

Source
https://cve.org/CVERecord?id=CVE-2021-22142
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22142.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22142
Published
2023-11-22T01:15:07.210Z
Modified
2026-07-08T23:57:26.773532Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.13.0"
        }
    ]
}

Database specific

vanir_signatures_modified
"2026-07-08T23:57:26Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22142.json"
vanir_signatures
[
    {
        "id": "CVE-2021-22142-380249c2",
        "digest": {
            "function_hash": "227216430068460033235308427492323478400",
            "length": 2935.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "function": "resolveIndicesAndAliases",
            "file": "x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java"
        }
    },
    {
        "id": "CVE-2021-22142-38eb1b31",
        "digest": {
            "line_hashes": [
                "55539977706972764223998020109119724887",
                "108866741272134427931983020897151238150",
                "329827430092600655194924251720352038283",
                "85338178055917574359418118532690349453",
                "313565538655456924766280144088592985868",
                "115626852840808190571223943133786180257",
                "194588236440361431816945964874334377311"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "file": "server/src/main/java/org/elasticsearch/action/admin/indices/alias/get/TransportGetAliasesAction.java"
        }
    },
    {
        "id": "CVE-2021-22142-68f925ba",
        "digest": {
            "function_hash": "268543545218217461850131332688807170407",
            "length": 491.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "function": "masterOperation",
            "file": "server/src/main/java/org/elasticsearch/action/admin/indices/alias/get/TransportGetAliasesAction.java"
        }
    },
    {
        "id": "CVE-2021-22142-71f9dbb1",
        "digest": {
            "line_hashes": [
                "74928895544089740689162400432413003952",
                "97561339387465302885684987238720635614",
                "44533704551911896204620084930598125429",
                "275049118129502138480443430981388358541"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "file": "x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java"
        }
    },
    {
        "id": "CVE-2021-22142-7d559983",
        "digest": {
            "function_hash": "247112587562710771113135290605449782032",
            "length": 1102.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "function": "isIndexVisible",
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        }
    },
    {
        "id": "CVE-2021-22142-b1a8ffe7",
        "digest": {
            "function_hash": "273230870683369765253352467588015177127",
            "length": 1373.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "function": "resolveIndexAbstractions",
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        }
    },
    {
        "id": "CVE-2021-22142-b9073a4d",
        "digest": {
            "function_hash": "102021398784448359171462391403856401347",
            "length": 158.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "function": "isIndexVisible",
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        }
    },
    {
        "id": "CVE-2021-22142-be2c9296",
        "digest": {
            "line_hashes": [
                "315583905025711201338257251550976430652",
                "162055396232869671782478615264078473955",
                "60127143269222727131888252790882248346",
                "117465318921854459789400838715394032978",
                "170756754679239683118032533315915259355",
                "134906571956213828407197490727364771243",
                "109669367423997211060033604053313673331",
                "40676066967639263533994094079349730991",
                "156226404375316730968696291449751363272",
                "98841195464491134889173032696595615713",
                "181914096864269137743629192678985626619",
                "151564147691626552071742565259854921797",
                "333686622301376325362460423106807652814",
                "141362554469059029444557007985627274672",
                "322716854967362460775656511697347633157",
                "257445524494417861409133682691751834861",
                "246965848769450748258097109991113816289",
                "213510124587421860425982392086712920913",
                "163386518199771855566380438249349316377",
                "122344896278602812722681119217318308435",
                "293555246667050077758058929476892999409",
                "191227080001206068144340340779451891136",
                "338221508279617582727204616913772286527",
                "294985612753226738409344034344247054434",
                "99428750193244029909347155815027104093",
                "150912233749050384828794130147314119871",
                "32450535925734433967500510116973595593",
                "55007076679500927438590671160792156802"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "deprecated": false,
        "target": {
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        }
    }
]

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.13.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22142.json"