Description
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/
Related Vulnerabilities
CVE-2020-2096 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-hook
CVE-2023-30527 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth
CVE-2019-13416 Vulnerability in maven package com.floragunn:search-guard-6
CVE-2023-22893 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2023-23850 Vulnerability in maven package org.jenkins-ci.plugins:synopsys-coverity