Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Remediation

References

https://www.elastic.co/community/security/

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

https://security.netapp.com/advisory/ntap-20211008-0002/

Related Vulnerabilities

CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-pmml-examples

CVE-2022-39322 Vulnerability in npm package @keystone-6/core

CVE-2018-10054 Vulnerability in maven package com.datomic:datomic-free

CVE-2015-7501 Vulnerability in maven package org.apache.commons:commons-collections4

CVE-2022-24728 Vulnerability in maven package org.webjars.npm:ckeditor4

Severity

High

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Third Party Advisory