CVE-2021-22147 – org.elasticsearch:elasticsearch
Package
Manager: maven
Name: org.elasticsearch:elasticsearch
Vulnerable Version: >=7.11.0 <7.14.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00276 (percentile: 0.50705)
Details
Exposure of sensitive information in Elasticsearch
A flaw was discovered in Elasticsearch where document and field level security was not applied to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Metadata
Created: 2021-09-20T20:29:40Z
Modified: 2021-09-27T18:51:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-45h5-r968-5xr7/GHSA-45h5-r968-5xr7.json
CWE IDs: ["CWE-732", "CWE-862"]
Alternative ID: GHSA-45h5-r968-5xr7
Finding: F039
Auto approve: 1