Vulnerability Details CVE-2021-37940
An information disclosure vulnerability, exploitable through server-side request forgery (SSRF) via GET requests, was discovered in the Workplace Search GitHub Enterprise Server (GHES) integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.4%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.0
Products affected by CVE-2021-37940
- cpe:2.3:a:elastic:enterprise_search:-
- cpe:2.3:a:elastic:enterprise_search:7.10.0
- cpe:2.3:a:elastic:enterprise_search:7.10.1
- cpe:2.3:a:elastic:enterprise_search:7.10.2
- cpe:2.3:a:elastic:enterprise_search:7.11.0
- cpe:2.3:a:elastic:enterprise_search:7.11.1
- cpe:2.3:a:elastic:enterprise_search:7.11.2
- cpe:2.3:a:elastic:enterprise_search:7.11.3
- cpe:2.3:a:elastic:enterprise_search:7.12.0
- cpe:2.3:a:elastic:enterprise_search:7.12.1
- cpe:2.3:a:elastic:enterprise_search:7.13.0
- cpe:2.3:a:elastic:enterprise_search:7.13.1
- cpe:2.3:a:elastic:enterprise_search:7.13.2
- cpe:2.3:a:elastic:enterprise_search:7.13.3
- cpe:2.3:a:elastic:enterprise_search:7.13.4
- cpe:2.3:a:elastic:enterprise_search:7.14.0
- cpe:2.3:a:elastic:enterprise_search:7.14.1
- cpe:2.3:a:elastic:enterprise_search:7.14.2
- cpe:2.3:a:elastic:enterprise_search:7.15.2
- cpe:2.3:a:elastic:enterprise_search:7.7.0
- cpe:2.3:a:elastic:enterprise_search:7.7.1
- cpe:2.3:a:elastic:enterprise_search:7.8.0
- cpe:2.3:a:elastic:enterprise_search:7.8.1
- cpe:2.3:a:elastic:enterprise_search:7.9.0
- cpe:2.3:a:elastic:enterprise_search:7.9.1
- cpe:2.3:a:elastic:enterprise_search:7.9.2
- cpe:2.3:a:elastic:enterprise_search:7.9.3