CVE-2021-22146

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22146
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22146.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22146
Aliases
Published
2021-07-21T15:15:14.100Z
Modified
2026-04-10T04:29:57.802325Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5d21bea28db1e89ecc1f66311ebdec9dc3aa7d64
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.13.3"
        }
    ]
}

Affected versions

v7.*
v7.0.0-alpha1
v7.0.0-alpha2
v7.13.0
v7.13.1
v7.13.2
v7.13.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22146.json"