Security Flaw in Elasticsearch by Elastic
CVE-2021-22147

6.5MEDIUM

Key Information:

Vendor
Elastic
Status
Elasticsearch
Vendor
CVE Published:
15 September 2021

Summary

A security issue in Elasticsearch prior to version 7.14.0 allows authenticated users to bypass document and field level security on searchable snapshots. This oversight can grant users unauthorized access to sensitive information, posing significant risks to data integrity and confidentiality. Organizations using affected versions should apply the necessary updates to secure their systems against potential exploitation.

Affected Version(s)

Elasticsearch versions 7.11.0 to 7.13.4

References

https://www.elastic.co/community/security/
x_refsource_MISC
https://discuss.elastic.co/t/elastic-stack-7-14-0-securit...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20211008-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.