ghsa-45h5-r968-5xr7
Vulnerability from github
Published
2021-09-20 20:29
Modified
2021-09-27 18:51
Severity
Summary
Exposure of sensitive information in Elasticsearch
Details
A flaw was discovered in Elasticsearch where document and field level security was not applied to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.elasticsearch:elasticsearch" }, "ranges": [ { "events": [ { "introduced": "7.11.0" }, { "fixed": "7.14.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-22147" ], "database_specific": { "cwe_ids": [ "CWE-732", "CWE-862" ], "github_reviewed": true, "github_reviewed_at": "2021-09-16T17:10:33Z", "nvd_published_at": "2021-09-15T12:15:00Z", "severity": "MODERATE" }, "details": "A flaw was discovered in Elasticsearch where document and field level security was not applied to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.", "id": "GHSA-45h5-r968-5xr7", "modified": "2021-09-27T18:51:18Z", "published": "2021-09-20T20:29:40Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22147" }, { "type": "WEB", "url": "https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20211008-0002" }, { "type": "WEB", "url": "https://www.elastic.co/community/security" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ], "summary": "Exposure of sensitive information in Elasticsearch" }
Loading...