Description
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/
Related Vulnerabilities
CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk16
CVE-2022-43414 Vulnerability in maven package org.jenkins-ci.plugins:nunit
CVE-2012-4458 Vulnerability in maven package org.apache.qpid:qpid-common
CVE-2022-39366 Vulnerability in maven package io.acryl:datahub-client
CVE-2022-24815 Vulnerability in npm package generator-jhipster