CVE-2021-22147

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22147

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22147.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22147

Aliases

BIT-elasticsearch-2021-22147
GHSA-45h5-r968-5xr7

Related

UBUNTU-CVE-2021-22147

Published

2021-09-15T12:15:08Z

Modified

2025-02-18T22:28:38Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

8ced7813d6f16d2ef30792e2fcde3e755795ee04

Fixed

dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1