CVE-2021-22147
MEDIUM6.5EPSS 0.31%Exposure of sensitive information in Elasticsearch
Published: 9/20/2021Modified: 4/3/2025
Description
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Affected packages (2)
- Bitnami/elasticsearch>= 7.11.0, < 7.14.0
- Maven/org.elasticsearch:elasticsearch>= 7.11.0, < 7.14.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-22147
- WEBhttps://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
- WEBhttps://security.netapp.com/advisory/ntap-20211008-0002
- WEBhttps://security.netapp.com/advisory/ntap-20211008-0002/
- WEBhttps://www.elastic.co/community/security
- WEBhttps://www.elastic.co/community/security/