Vulnerability Details CVE-2021-22147
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
- https://security.netapp.com/advisory/ntap-20211008-0002/
- https://www.elastic.co/community/security/
- https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
- https://security.netapp.com/advisory/ntap-20211008-0002/
- https://www.elastic.co/community/security/
Products affected by CVE-2021-22147
-
cpe:2.3:a:elastic:elasticsearch:7.11.0
-
cpe:2.3:a:elastic:elasticsearch:7.11.1
-
cpe:2.3:a:elastic:elasticsearch:7.11.2
-
cpe:2.3:a:elastic:elasticsearch:7.12.0
-
cpe:2.3:a:elastic:elasticsearch:7.12.1
-
cpe:2.3:a:elastic:elasticsearch:7.13.0
-
cpe:2.3:a:elastic:elasticsearch:7.13.1
-
cpe:2.3:a:elastic:elasticsearch:7.13.2
-
cpe:2.3:a:elastic:elasticsearch:7.13.3
-
cpe:2.3:a:elastic:elasticsearch:7.13.4